Solaris 7 (SPARC Platform Edition) Release Notes

Security Bugs

Security Vulnerability In `ufsdump` And `ufsrestore` (4132365)

A security vulnerability exists in the ufsdump(1M) and ufsrestore(1M) commands. If you have already gained access to a given Solaris system, you can exploit this vulnerability to obtain root access. Fixes for these problems are available for this release by installing patch ID 106793-01, a patch for SPARC systems, or patch ID 106794-01, a patch for x86 based systems.

If you have not yet obtained and installed the appropriate patch, you can apply the following workaround on your system.

Workaround: If you use the chmod command on the ufsdump and ufsrestore programs such that the set-uid bit is removed, the programs are then no longer vulnerable. You can remove the set-uid bit by executing the following command as root:

# chmod 0555  /usr/lib/fs/ufs/ufsdump /usr/lib/fs/ufs/ufsrestore

Some of the ufsdump/ufsrestore functionality is now only available to root, specifically having access to backup devices on the network using the rmt(1M) protocol.

Security Bugs

Security Vulnerability In ufsdump And ufsrestore (4132365)

Security Vulnerability In `ufsdump` And `ufsrestore` (4132365)