Sun Solaris uucp multiple buffer overflows
| solaris-uucp-multiple-bo (15425) |  High Risk |
Description:
Sun Solaris is vulnerable to multiple buffer overflows in the /usr/bin/uucp application. A local unprivileged attacker could exploit this vulnerability to overflow a buffer and gain root privileges on the system.
Platforms Affected:
- Sun, Solaris 2.6
- Sun, Solaris 2.6 x86
- Sun, Solaris 7.0 x86
- Sun, Solaris 7.0 SPARC
- Sun, Solaris 8 x86
- Sun, Solaris 8 SPARC
- Sun, Solaris 9 SPARC
- Sun, Solaris 9 x86
Remedy:
Apply the appropriate patch for your system, as listed below. Refer to Sun Alert ID: 57508 for more information. See References.
SPARC Platform:
Solaris 2.6 with patch 106468-06 or later
Solaris 7 with patch 106952-04 or later
Solaris 8 with patch 111570-03 or later
Solaris 9 with patch 113322-02 or later
x86 Platform:
Solaris 2.6 with patch 106469-06 or later
Solaris 7 with patch 106953-04 or later
Solaris 8 with patch 111571-03 or later
Solaris 9 with patch 115880-01 or later
Consequences:
Gain Access
References:
- Sun Alert ID: 57508, Multiple Buffer Overflows in "/usr/bin/uucp" May Allow Unauthorized uucp(1C) User ID Access at http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57508&zone_32=security.
- BID-9837: Sun Solaris Multiple Unspecified Local UUCP Buffer Overrun Vulnerabilities
- CVE-2004-1359: Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 allow local users to execute arbitrary code as the uucp user.
Reported:
Mar 10, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net