Security vulnerabilities in the uucp(1C) and uustat(1C) utilities may allow local unprivileged users the ability to execute arbitrary commands with the privileges of the "uucp" user (user ID 5 by default).

The uustat(1C) issue is also referenced here:

• http://www.idefense.com/intelligence/vulnerabilities/display.php?id=366
• http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0780

Sun acknowledges, with thanks, iDefense Labs and Angelo Rosiello (http://www.rosiello.org/) for bringing the uustat(1C) issue to our attention.

These issues can occur in the following releases:

SPARC Platform

• Solaris 8 without patch 111570-04
• Solaris 9 without patch 113322-03

x86 Platform

• Solaris 8 without patch 111571-04
• Solaris 9 without patch 115880-02

Note: Solaris 10 is not impacted by these issues. Solaris 7 will not be evaluated regarding a potential impact of the issues described in this Sun Alert document.

There are no reliable symptoms that would indicate the described issues have been exploited.

To work around the described issues, remove the "set-user-ID" bit from the uucp(1C) and uustat(1C) binaries as follows:

    # chmod u-s /usr/bin/uucp                  
    # chmod u-s /usr/bin/uustat

Note: Removing the "set-user-ID" bit from the uucp(1C) and uustat(1C) binaries will prevent unprivileged users from using the uucp(1C) and uustat(1C) commands to access calling devices (such as modems).

These issues are addressed in the following releases:

SPARC Platform

• Solaris 8 with patch 111570-04 or later
• Solaris 9 with patch 113322-03 or later

x86 Platform

• Solaris 8 with patch 111571-04 or later
• Solaris 9 with patch 115880-02 or later

This solution has no attachment