Sun Solaris Non-Privileged Network Port Hijacking Vulnerability

Bugtraq ID:	13241
Class:	Design Error
CVE:
Remote:	No
Local:	Yes
Published:	Apr 18 2005 12:00AM
Updated:	Apr 18 2005 12:00AM
Credit:	This issue was announced by the vendor.
Vulnerable:	Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 8_x86 Sun Solaris 8_sparc Avaya Interactive Response 1.3 Avaya Interactive Response 1.2.1 Avaya Interactive Response Avaya CMS Server 13.0 Avaya CMS Server 12.0 Avaya CMS Server 11.0 Avaya CMS Server 9.0
Not Vulnerable:

Sun Solaris Non-Privileged Network Port Hijacking Vulnerability

Sun Solaris is prone to a vulnerability that may allow local attackers to hijack non-privileged ports. An attacker could abuse this to run malicious or rogue services.

Sun Solaris Non-Privileged Network Port Hijacking Vulnerability

The following exploit is available:

• /data/vulnerabilities/exploits/solarexp.c

Sun Solaris Non-Privileged Network Port Hijacking Vulnerability

Solution:
Sun has released fixes.

Avaya has released advisory ASA-2005-113 and fixes for this issue. Please see the referenced advisory for details.


Sun Solaris 8_x86

• Sun 116966-08
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -116966-08-1

Sun Solaris 8_sparc

• Sun 116965-08
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -116965-08-1

Sun Solaris 9

• Sun 118305-02
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -118305-02-1

Sun Solaris 9_x86

• Sun 117470-01
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -117470-01-1

Sun Solaris Non-Privileged Network Port Hijacking Vulnerability

References:

• ASA-2005-113 (Avaya)
  
• Sun Alert ID: 57766 Certain Network Services Disruptions or "Spoofs" Could Occur (Sun)