A security vulnerability in the "/lib/svc/method/net-svc" script may allow a remote privileged user the ability to execute arbitrary code with "root" privileges on a "DHCP" client system if the remote user has access to a system within the network or subnet which is used by the host for "DHCP" requests.

This issue can occur in the following releases:

SPARC Platform

• Solaris 10 without patch 119593-01

x86 Platform

• Solaris 10 without patch 119594-01

Note: Solaris 8, and Solaris 9 are not impacted by this issue.

Only systems configured as a "DHCP" client are vulnerable to this issue. If a system is configured as a "DHCP" client, the "netstat -D" command will produce output similar to the following:

    # netstat -D
    Interface  State         Sent  Recv  Declined  Flags
    bge0       BOUND            1     1         0
    (Began, Expires, Renew) = (08/15/2005 16:00, 08/15/2005 20:00, 
    08/15/2005 17:57)

There are no predictable symptoms that would indicate the described issue has occurred.

To prevent the described issue from occurring until patches can be applied, the following workaround can be used:

1. Use the sys-unconfig(1M)command to unconfigure the system.

2. On the subsequent reboot, configure the system to use a "static IP" address instead of "DHCP".

This issue is addressed in the following releases:

SPARC Platform

• Solaris 10 with patch 119593-01 or later

x86 Platform

• Solaris 10 with patch 119594-01 or later

This solution has no attachment