• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Solaris chkperm Buffer Overflow Vulnerability

A buffer overrun exists in the 'chkperm' program, as included by Sun in its version of AT&T's FACE (Framed Access Command Environment). By supplying a well crafted buffer of executable code to the -n option to the chkperm executable, it may be possible to execute arbitrary commands as root.

It has been publicly reported that this vulnerability is unexploitable by conventional means, under both Sparc and X86 versions of Solaris. This does not mean, necessarily, that the possibility of an exploit existing now, or in the future, is 0. The safest course of action is still to repair the problem, either by acquiring a patch from the vendor, or by removing the setuid and setgid bits from the chkperm binary.