#201148: Security Vulnerability May Allow 'sh' Process to be Crashed Causing a Denial of Service

Security Vulnerability May Allow 'sh' Process to be Crashed Causing a Denial of Service

Category :	Security
Release Phase :	Resolved
Product :	Solaris 9 Operating System Solaris 10 Operating System Solaris 8 Operating System
Bug Id :	6277636
Date of Resolved Release :	11-APR-2006

Impact

A security vulnerability in the Bourne shell may allow an unprivileged local user to cause sh(1) processes to crash while creating temporary files. This can lead to a Denial of Service (DoS) for scripts or for users (such as 'root') that use sh(1).

Contributing Factors

This issue can occur in the following releases:

SPARC Platform

Solaris 8 without patch 109324-09
Solaris 9 without patch 118535-03
Solaris 10 without patch 121004-01

x86 Platform

Solaris 8 without patch 109325-09
Solaris 9 without patch 118536-03
Solaris 10 without patch 121005-01

Symptoms

There are no predictable symptoms that would indicate this issue has been exploited to cause a shell to crash.

Workaround

There is no workaround. Please see the "Resolution" section below.

Resolution

This issue is addressed in the following releases:

SPARC Platform

Solaris 8 with patch 109324-09 or later
Solaris 9 with patch 118535-03 or later
Solaris 10 with patch 121004-01 or later

x86 Platform

Solaris 8 with patch 109325-09 or later
Solaris 9 with patch 118536-03 or later
Solaris 10 with patch 121005-01 or later

Attachments

This solution has no attachment

Login Required

Login Required