Sun Solaris PKCS#11 Library Local Privilege Escalation Vulnerability

Bugtraq ID:	17687
Class:	Design Error
CVE:
Remote:	No
Local:	Yes
Published:	Apr 25 2006 12:00AM
Updated:	Apr 26 2006 05:31PM
Credit:	The vendor disclosed this vulnerability.
Vulnerable:	Sun Solaris 10_x86 Sun Solaris 10
Not Vulnerable:

Sun Solaris PKCS#11 Library Local Privilege Escalation Vulnerability

Sun Solaris is susceptible to a local privilege-escalation vulnerability. This issue is due to the PKCS#11 library's failure to properly use non-reentrant functions.

This issue allows local attackers to gain elevated privileges, potentially aiding them in the complete compromise of affected computers. This issue affects only certain applications that run with elevated privileges, since they have to use the affected functions in a very specific manner.

Sun Solaris PKCS#11 Library Local Privilege Escalation Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

Sun Solaris PKCS#11 Library Local Privilege Escalation Vulnerability

Solution:
Sun has released an advisory, along with fixes to address this issue. Please see the referenced advisory for further information on obtaining and applying fixes.


Sun Solaris 10

• Sun 118562-09
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -118562-09-1


• Sun 118918-14
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -118918-14-1

Sun Solaris 10_x86

• Sun 118563-07
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -118563-07-1


• Sun 118919-12
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -118919-12-1

Sun Solaris PKCS#11 Library Local Privilege Escalation Vulnerability

References:

• Solaris[tm] Product Line (Sun Microsystems)
  
• Sun Alert ID: 102316 (Sun)