Security Bugs

Security Vulnerability In ufsdump And ufsrestore (4132365)

A security vulnerability exists in the ufsdump(1M) and ufsrestore(1M) commands. If you have already gained access to a given Solaris system, you can exploit this vulnerability to obtain root access. Fixes for these problems are available for this release by installing patch ID 106793-01, a patch for SPARC systems, or patch ID 106794-01, a patch for x86 based systems.

If you have not yet obtained and installed the appropriate patch, you can apply the following workaround on your system.

Workaround: If you use the chmod command on the ufsdump and ufsrestore programs such that the set-uid bit is removed, the programs are then no longer vulnerable. You can remove the set-uid bit by executing the following command as root:

# chmod 0555  /usr/lib/fs/ufs/ufsdump /usr/lib/fs/ufs/ufsrestore

Solaris 7 praudit and auditreduce Cannot Process Solaris 2.6 Audit Files (4167174 and 4168892)

Solaris 7 audit trails are incompatible with audit trails that have been generated in the Solaris 2.3, 2.4, 2.5, 2.5.1, 2.6 operating environments. You cannot use the praudit and auditreduce commands in the Solaris 7 operating environment to process audit files that have been generated in the Solaris 2.3, 2.4, 2.5, 2.5.1, 2.6 operating environments.

Workaround: Process audit trails only on the Solaris release on which they have been generated. This problem is addressed by the Solaris 7 106832106833 patch.