Multiple Security Vulnerabilities in Oracle Affect SunMC
Category: Security
Release Phase: Resolved
Product: Sun Management Center 3.5 Update 1
Bug Id: 5102677
Date of Resolved Release: 15-JUL-2005
Impact
Unprivileged local or remote users may be able to execute arbitrary code on Solaris systems which have installed and enabled the Sun Management Center (SunMC) server software. The SunMC server software typically runs as the unprivileged uid "smcorau" and uses the Oracle listener, and is thus affected by the multiple Oracle vulnerabilities described in Oracle Security Alert #68 at http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf.
These issues are also described in CERT Technical Cyber Security Alert TA04-245A at http://www.us-cert.gov/cas/techalerts/TA04-245A.html.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- SunMC 3.5 update 1 or update 1a (for Solaris 8) without patch 118828-04
- SunMC 3.5 update 1 or update 1a (for Solaris 9) without patch 118829-04
- SunMC 3.5 update 1a (for Solaris 10) without patch 118829-04
Notes:
- This issue is not applicable to SunMC 3.5 and earlier releases.
- This issue is not applicable to SunMC 3.5 update 1b release.
- This issue is not applicable to Solaris 7 as SunMC 3.5 update 1 and SunMC 3.5 update 1a server layers are not supported on Solaris 7.
- SunMC 3.5 update 1 is not supported on Solaris 10.
- SunMC is not supported on the Solaris x86 platform.
To determine if SunMC is installed on a Solaris system (and what version), the following command can be run:
# pkginfo -l SUNWescom
PKGINST: SUNWescom
NAME: Sun Management Center Common Components
CATEGORY: system,SyMON
ARCH: sparc
VERSION: 3.5,REV=2.9.2004.05.04
BASEDIR: /opt
VENDOR: Sun Microsystems, Inc.
DESC: This package provides the common components among all SES installations
PSTAMP: lapena20050402224254
INSTDATE: Jun 30 2005 01:56
HOTLINE: Please contact your local service provider
STATUS: completely installed
FILES: 70 installed pathnames
9 shared pathnames
10 directories
53 executables
7857 blocks used (approx)
If instead, the following error message is returned:
ERROR: information for "SUNWescom" was not found
then the SUNWescom package and SunMC are not installed.
To determine if SunMC is running on a Solaris system, the following command can be run:
# ps -aef | grep SUNWsymon | grep -v grep
root 11033 1 0 19:36:57 ? 0:09 esd - init trap -dir /var/opt/SUNWsymon -q
root 11960 1 0 19:37:00 ? 0:37 esd - init topology -dir /var/opt/SUNWsymon -q
root 11676 1 1 19:36:58 ? 19:54 esd - init agent -dir /var/opt/SUNWsymon -q
root 11037 1 0 19:36:57 ? 0:05 esd - init event -dir /var/opt/SUNWsymon -q
root 11035 1 0 19:36:57 ? 0:12 esd - init cfgserver -dir /var/opt/SUNWsymon -q
root 10698 1 0 19:36:45 pts/5 2:28 /usr/j2se/bin/java -DINTERFACE_PATH=/var/opt/SUNWsymon/cfg:/opt/SUNWsymon/base/
smcorau 10655 1 0 19:36:36 ? 0:00 /opt/SUNWsymon/oracle/product/8.1.7/bin/tnslsnr smcdblistener -inherit
root 17710 1 0 19:37:32 ? 0:37 esd - init metadata -dir /var/opt/SUNWsymon -q
(As in the example above, if the output contains more than one process, then SunMC is configured and running).
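The two checks above can be combined with the patch requirement from the Contributing Factors section into a single triage script. This is an added example, not part of the original advisory; it assumes installed patches are listed with `showrev -p`, and the function names, result labels and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a host from saved command output.
# Patch IDs and the -04 minimum come from the advisory; using `showrev -p` as the
# source of installed patches is an assumption. It does not tell update 1/1a apart
# from the unaffected 3.5 and update 1b releases; confirm the update level separately.

MIN_REV=4

# required_patch <uname -r>: patch ID the advisory lists for that Solaris release
required_patch() {
    case "$1" in
        5.8)      echo 118828 ;;
        5.9|5.10) echo 118829 ;;
        *)        return 1 ;;   # server layer not supported on this release
    esac
}

# highest_rev <patch-id>: highest installed revision in `showrev -p` text on stdin
highest_rev() {
    sed -n "s/^Patch: $1-\([0-9][0-9]*\).*/\1/p" | sort -n | sed -n '$p'
}

# assess <uname -r> <pkginfo -l text> <showrev -p text> <ps -aef text>
assess() {
    echo "$2" | grep 'STATUS: *completely installed' >/dev/null ||
        { echo NOT_INSTALLED; return 0; }
    id=`required_patch "$1"` || { echo UNSUPPORTED_RELEASE; return 0; }
    rev=`echo "$3" | highest_rev "$id"`
    if [ -n "$rev" ] && [ "$rev" -ge "$MIN_REV" ]; then
        echo PATCHED; return 0
    fi
    # The Oracle listener is the component the advisory ties to Oracle Alert #68.
    if echo "$4" | grep 'SUNWsymon/oracle/.*tnslsnr' >/dev/null; then
        echo PATCH_MISSING_LISTENER_RUNNING
    else
        echo PATCH_MISSING_NOT_RUNNING
    fi
}

# Constructed sample input (not captured from a real host).
SAMPLE_PKG='   PKGINST:  SUNWescom
    STATUS:  completely installed'
SAMPLE_REV='Patch: 118829-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWescom
Patch: 112233-11 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu'
SAMPLE_PS='smcorau 10655 1 0 19:36:36 ? 0:00 /opt/SUNWsymon/oracle/product/8.1.7/bin/tnslsnr smcdblistener -inherit'

assess 5.9 "$SAMPLE_PKG" "$SAMPLE_REV" "$SAMPLE_PS"
```

On a live host the four arguments would be the output of `uname -r`, `pkginfo -l SUNWescom`, `showrev -p` and `ps -aef`.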
Symptoms
There are no reliable symptoms that would indicate the described issues have been exploited.
Workaround
There is no workaround for these issues. Please see the Resolution section below.
Resolution
These issues are addressed in the following releases:
SPARC Platform
- SunMC 3.5 update 1 or update 1a (for Solaris 8) with patch 118828-04 or later
- SunMC 3.5 update 1 or update 1a (for Solaris 9) with patch 118829-04 or later
- SunMC 3.5 update 1a (for Solaris 10) with patch 118829-04 or later
Note: Oracle recommends that the latest Critical Patch Update (CPU) from Oracle is always present and kept up to date on the system when running any Oracle application. The latest CPU will address all known & fixed security vulnerabilities in Oracle code.
Modification History
Date: 22-SEP-2005
22-Sep-2005:
- Update Contributing Factors section
Attachments
This solution has no attachment