Sun Solaris LD.SO Multiple Local Vulnerabilities
BID:21564
Info
Sun Solaris LD.SO Multiple Local Vulnerabilities
| Bugtraq ID: | 21564 |
| Class: | Unknown |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 12 2006 12:00AM |
| Updated: | Feb 01 2007 03:48AM |
| Credit: | Sean Larsson (iDefense Labs) is credited with the discovery of the buffer-overflow vulnerability. The discoverer of the directory-traversal vulnerability wishes to remain anonymous. |
| Vulnerable: |
Sun Solaris 9_x86 Update 2 Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 8_x86 Sun Solaris 8_sparc Sun Solaris 10.0_x86 Sun Solaris 10.0 Avaya Interactive Response 1.3 Avaya Interactive Response 2.0 Avaya CMS Server 13.0 Avaya CMS Server 12.0 Avaya CMS Server 11.0 Avaya CMS Server 9.0 Avaya CMS Server 13.1 |
| Not Vulnerable: | |
Discussion
Sun Solaris LD.SO Multiple Local Vulnerabilities
Solaris 'ld.so' is prone to a local directory-traversal vulnerability and a local stack-based buffer-overflow vulnerability.
Note that each of these issues cannot be exploited singularly but can be exploited in tandem to potentially execute arbitrary code with superuser privileges. Furthermore, attackers must have access to a dynamically linked setuid-privileged executable.
Solaris 'ld.so' is prone to a local directory-traversal vulnerability and a local stack-based buffer-overflow vulnerability.
Note that each of these issues cannot be exploited singularly but can be exploited in tandem to potentially execute arbitrary code with superuser privileges. Furthermore, attackers must have access to a dynamically linked setuid-privileged executable.
Exploit / POC
Sun Solaris LD.SO Multiple Local Vulnerabilities
Currently we are not aware of any exploits for these issues. If you feel we are in error or are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for these issues. If you feel we are in error or are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Sun Solaris LD.SO Multiple Local Vulnerabilities
Solution:
Sun has released fixes to address these issues. Please see the references for more information.
Sun Solaris 10.0
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 9
Sun Solaris 9_x86
Sun Solaris 10.0_x86
Solution:
Sun has released fixes to address these issues. Please see the references for more information.
Sun Solaris 10.0
-
Sun 124922-01
http://sunsolve.sun.com/patches/
Sun Solaris 8_x86
-
Sun 109148-41 (sun)
http://sunsolve.sun.com/search/pdownload.pl?target=109148-41&method=hs
Sun Solaris 8_sparc
-
Sun 109147-42 (sun)
http://sunsolve.sun.com/search/pdownload.pl?target=109147-42&method=hs
Sun Solaris 9
-
Sun 112963-27 (sun)
http://sunsolve.sun.com/search/pdownload.pl?target=112963-27&method=hs
Sun Solaris 9_x86
-
Sun 113986-22 (sun)
http://sunsolve.sun.com/search/pdownload.pl?target=113986-22&method=hs
Sun Solaris 10.0_x86
-
Sun 124923-01
http://sunsolve.sun.com/patches/
References
Sun Solaris LD.SO Multiple Local Vulnerabilities
References:
References:
- Solaris Homepage (Sun Microsystems)
- iDefense Security Advisory 12.12.06: Sun Microsystems Solaris ld.so 'doprf()' Bu (iDefense Labs)
- iDefense Security Advisory 12.12.06: Sun Microsystems Solaris ld.so Directory Tr (iDefense Labs)
- ASA-2007-019 - Security Vulnerabilities in Solaris ld.so.1(1) may Lead to Execut (Avaya)
- Sun Alert ID: 102724 - Security Vulnerabilities in Solaris ld.so.1(1) may Lead t (Sun)