• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Sun Solaris pkgadd Inappropriate File Permissions Vulnerability

Solution:
Administrators may check for problematic files. The following command is suggested by Sun:

$ grep ? /var/sadm/install/contents

The presense of the '?' character in the mode, user or group field may indicate a problematic file has been installed.

Sun has recommended that users remove inappropriate file permissions by executing the following command as root:

# chmod a-s </path/to/file>

This issue has been addressed with the following patches:


Sun Solaris 2.6

• Sun 106292-13
  Sparc
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=106292&rev=13


• Sun 106293-12
  Intel
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=106293&rev=12

Sun Solaris 7.0

• Sun 107443-16
  Sparc
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=107443&rev=16


• Sun 107444-16
  Intel
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=107444&rev=16

Sun Solaris 8

• Sun 110934-08
  Sparc
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=110934&rev=08


• Sun 110935-08
  Intel
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=110935&rev=08

Sun Solaris 2.5.1

• Sun 104578-05
  Sparc
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=104578&rev=05


• Sun 104579-05
  Intel
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=104579&rev=05