Sun Solaris pfexec program allows elevated privileges
solaris-pfexec-gain-privileges (14988)
Description:
Sun Solaris could allow a local attacker to gain elevated privileges, caused by a vulnerability in the pfexec program. If the custom rights profile database contains an invalid entry, a local attacker with a custom rights profile could execute a profile command to gain elevated privileges on the system.
Consequences:
Gain Privileges
Remedy:
Apply the appropriate patch for your system, as listed below. Refer to Sun Alert ID: 57453 for more information. See References.
SPARC Platform:
Solaris 8 with patch 109007-15 or later
Solaris 9 with patch 116237-01 or later
x86 Platform:
Solaris 8 with patch 109008-15 or later
Solaris 9 with patch 116238-01 or later
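One way to check a host against the patch levels listed above, as an added example that is not part of the original advisory: it reads saved `showrev -p` output on standard input and takes the host's `uname -r` and `uname -p` values as arguments. The function names and the sample lines are constructed for illustration, and a POSIX shell with awk is assumed.

```shell
#!/bin/sh
# Added example (not from the advisory). Minimum patch revisions are the
# ones in the Remedy list; everything else here is an assumption.

# required_patch RELEASE ARCH
# Prints "PATCHID MINREV" for a listed platform, nothing otherwise.
# RELEASE is `uname -r` (5.8 = Solaris 8, 5.9 = Solaris 9); ARCH is `uname -p`.
required_patch() {
    case "$1/$2" in
        5.8/sparc) echo "109007 15" ;;
        5.9/sparc) echo "116237 01" ;;
        5.8/i386)  echo "109008 15" ;;
        5.9/i386)  echo "116238 01" ;;
    esac
}

# pfexec_patch_status RELEASE ARCH < showrev-p-output
# Prints one of: patched | unpatched | not-listed
pfexec_patch_status() {
    req=$(required_patch "$1" "$2")
    if [ -z "$req" ]; then
        echo "not-listed"          # platform is not in the advisory
        return 0
    fi
    set -- $req                    # $1 = patch id, $2 = minimum revision
    awk -v id="$1" -v min="$2" '
        # showrev -p lines look like: "Patch: 109007-15 Obsoletes: ..."
        $1 == "Patch:" {
            split($2, p, "-")
            # "or later": any revision >= the minimum counts
            if (p[1] == id && p[2] + 0 >= min + 0) found = 1
        }
        END { print (found ? "patched" : "unpatched") }
    '
}

# Constructed sample of `showrev -p` output for a Solaris 8 SPARC host.
SAMPLE_SHOWREV='Patch: 108528-29 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu, SUNWcsr
Patch: 109007-15 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu'

printf '%s\n' "$SAMPLE_SHOWREV" | pfexec_patch_status 5.8 sparc
```

The check only matches the patch IDs named in the Remedy list, so a fix delivered under a different patch ID would be reported as `unpatched`.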
References:
- Sun Alert ID: 57453: The pfexec(1) Command May Execute a "Profile" Command With Additional Privileges.
- BID-9534: Sun Solaris PFExec Custom Profile Arbitrary Privileges Vulnerability
- CVE-2004-1394: The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges.
- OSVDB ID: 3764: Solaris pfexec Privilege Escalation
- SA10755: Sun Solaris pfexec Privilege Escalation Vulnerability
- SECTRACK ID: 1008893: Sun Solaris pfexec May Execute Profile Commands With Elevated Privileges
Platforms Affected:
- Sun Solaris 8
- Sun Solaris 9
Reported:
Jan 30, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
