Security Vulnerability in Sun Grid Engine/N1 Grid Engine rsh(1) Binary



Category: Security
Release Phase: Resolved
Product: Sun Grid Engine 6, Sun Grid Engine 5.3
Bug Id: 6366691
Date of Resolved Release: 27-MAR-2006


Impact

A security vulnerability in the Sun Grid Engine 5.3/N1 Grid Engine 6.0 rsh(1) binary may allow a local unprivileged user to gain unauthorized root access.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Sun Grid Engine 5.3 (32-bit Solaris) without patch 113136-06
  • Sun Grid Engine 5.3 (64-bit Solaris) without patch 113137-06
  • Sun Grid Engine 5.3 (32-bit Solaris) NON-Solaris Package format without patch 113849-06
  • Sun Grid Engine 5.3 (64-bit Solaris) NON-Solaris Package format without patch 113850-06
  • Sun Grid Engine Enterprise Edition 5.3 (32-bit Solaris) without patch 113139-07
  • Sun Grid Engine Enterprise Edition 5.3 (64-bit Solaris) without patch 113140-07
  • Sun Grid Engine Enterprise Edition 5.3 (32-bit Solaris) NON-Solaris Package format without patch 113855-06
  • Sun Grid Engine Enterprise Edition 5.3 (64-bit Solaris) NON-Solaris Package format without patch 113856-06
  • N1 Grid Engine 6.0 (32-bit Solaris) without patch 121956-01
  • N1 Grid Engine 6.0 (64-bit Solaris) without patch 121957-01
  • N1 Grid Engine 6.0 (32-bit Solaris) NON-Solaris Package format without patch 121960-01
  • N1 Grid Engine 6.0 (64-bit Solaris) NON-Solaris Package format without patch 121961-01

x86 Platform

  • Sun Grid Engine 5.3 without patch 113138-07
  • Sun Grid Engine 5.3 NON-Solaris Package format without patch 113851-06
  • Sun Grid Engine Enterprise Edition 5.3 without patch 116658-03
  • Sun Grid Engine Enterprise Edition 5.3 NON-Solaris Package format without patch 116659-03
  • N1 Grid Engine 6.0 without patch 121958-01
  • N1 Grid Engine 6.0 NON-Solaris Package format without patch 121962-01
  • N1 Grid Engine 6.0 (x64) without patch 121959-01
  • N1 Grid Engine 6.0 (x64) NON-Solaris Package format without patch 121963-01

Linux

  • Sun Grid Engine 5.3 without patch 113852-06
  • Sun Grid Engine Enterprise Edition 5.3 without patch 113900-05
  • Sun Grid Engine Enterprise Edition 5.3 (x64) without patch 117293-02
  • N1 Grid Engine 6.0 without patch 121964-01
  • N1 Grid Engine 6.0 (x64) without patch 121965-01

Windows

HP-UX

AIX

  • N1 Grid Engine 6.0 (for AIX 4.3) without patch 121966-01
  • N1 Grid Engine 6.0 (for AIX 5.1) without patch 121967-01

MAC OS

IRIX

  • N1 Grid Engine 6.0 (for IRIX 6.5) without patch 121970-01

Symptoms

There are no predictable symptoms that would indicate the issue described above has been exploited.


Workaround

To work around the described issue, configure ssh(1) as the transport for "qrsh" and delete "$SGE_ROOT/utilbin/*/rsh".

See: http://gridengine.sunsource.net/howto/qrsh_qlogin_ssh.html
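A host-side check that both halves of the workaround are in place, as an added example (not part of the Sun Alert and not Sun's code). It assumes the cluster configuration is read with `qconf -sconf` and that the qrsh transport is the `rsh_command` parameter described in sge_conf(5); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify the Sun Alert workaround on one host.

# Print every rsh binary still present under <sge_root>/utilbin/<arch>/,
# one per line; files with the set-user-ID bit get a "[setuid]" suffix.
leftover_rsh() {
    sge_root=$1
    for f in "$sge_root"/utilbin/*/rsh; do
        [ -e "$f" ] || continue      # glob matched nothing
        if [ -u "$f" ]; then
            printf '%s [setuid]\n' "$f"
        else
            printf '%s\n' "$f"
        fi
    done
}

# Read `qconf -sconf` style text on stdin and print the rsh_command value,
# or "unset" when the parameter is missing or "none".
qrsh_transport() {
    awk '$1 == "rsh_command" { $1 = ""; sub(/^ +/, ""); v = $0 }
         END { if (v == "" || v == "none") v = "unset"; print v }'
}

# Succeed only when no rsh binary is left and rsh_command names an ssh client.
workaround_applied() {
    sge_root=$1 conf=$2
    [ -z "$(leftover_rsh "$sge_root")" ] || return 1
    case "$(printf '%s\n' "$conf" | qrsh_transport)" in
        */ssh|*/ssh\ *|ssh|ssh\ *) return 0 ;;
        *) return 1 ;;
    esac
}

# Run against the live installation only when it is actually available.
if [ -n "${SGE_ROOT:-}" ] && command -v qconf >/dev/null 2>&1; then
    if workaround_applied "$SGE_ROOT" "$(qconf -sconf)"; then
        echo "workaround applied"
    else
        echo "workaround NOT applied:"; leftover_rsh "$SGE_ROOT"
    fi
fi
```

Run it on every execution and submit host that mounts its own copy of `$SGE_ROOT`, since the binary exists once per architecture directory.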


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Sun Grid Engine 5.3 (32-bit Solaris) with patch 113136-06 or later
  • Sun Grid Engine 5.3 (64-bit Solaris) with patch 113137-06 or later
  • Sun Grid Engine 5.3 (32-bit Solaris) NON-Solaris Package format with patch 113849-06 or later
  • Sun Grid Engine 5.3 (64-bit Solaris) NON-Solaris Package format with patch 113850-06 or later
  • Sun Grid Engine Enterprise Edition 5.3 (32-bit Solaris) with patch 113139-07 or later
  • Sun Grid Engine Enterprise Edition 5.3 (64-bit Solaris) with patch 113140-07 or later
  • Sun Grid Engine Enterprise Edition 5.3 (32-bit Solaris) NON-Solaris Package format with patch 113855-06 or later
  • Sun Grid Engine Enterprise Edition 5.3 (64-bit Solaris) NON-Solaris Package format with patch 113856-06 or later
  • N1 Grid Engine 6.0 (32-bit Solaris) with patch 121956-01 or later
  • N1 Grid Engine 6.0 (64-bit Solaris) with patch 121957-01 or later
  • N1 Grid Engine 6.0 (32-bit Solaris) NON-Solaris Package format with patch 121960-01 or later
  • N1 Grid Engine 6.0 (64-bit Solaris) NON-Solaris Package format with patch 121961-01 or later

x86 Platform

  • Sun Grid Engine 5.3 with patch 113138-07 or later
  • Sun Grid Engine 5.3 NON-Solaris Package format with patch 113851-06 or later
  • Sun Grid Engine Enterprise Edition 5.3 with patch 116658-03 or later
  • Sun Grid Engine Enterprise Edition 5.3 NON-Solaris Package format with patch 116659-03 or later
  • N1 Grid Engine 6.0 with patch 121958-01 or later
  • N1 Grid Engine 6.0 NON-Solaris Package format with patch 121962-01 or later
  • N1 Grid Engine 6.0 (x64) with patch 121959-01 or later
  • N1 Grid Engine 6.0 (x64) NON-Solaris Package format with patch 121963-01 or later

Linux

  • Sun Grid Engine 5.3 with patch 113852-06 or later
  • Sun Grid Engine Enterprise Edition 5.3 with patch 113900-05 or later
  • Sun Grid Engine Enterprise Edition 5.3 (x64) with patch 117293-02 or later
  • N1 Grid Engine 6.0 with patch 121964-01 or later
  • N1 Grid Engine 6.0 (x64) with patch 121965-01 or later

Windows

  • N1 Grid Engine 6.0 with patch 121971-01 or later

HP-UX

  • N1 Grid Engine 6.0 with patch 121969-01 or later

AIX

  • N1 Grid Engine 6.0 (for AIX 4.3) with patch 121966-01 or later
  • N1 Grid Engine 6.0 (for AIX 5.1) with patch 121967-01 or later

MAC OS

  • N1 Grid Engine 6.0 with patch 121968-01 or later

IRIX

  • N1 Grid Engine 6.0 (for IRIX 6.5) with patch 121970-01 or later

Note: Sun provides support for Sun Grid Engine 5.3 on Solaris and Linux platforms only. For other platforms, binaries fixing this issue are provided as a courtesy on an "AS IS" basis at:






Article Details
Article ID : 200108
Article Type : Sun Alert
Last reviewed : 2006-11-07
Audience : PUBLIC