Sun Java Studio Enterprise 8 May Create World-Writable Files When Installed by Root |
|
| Category : | Security |
| Release Phase : | Resolved |
| Product : | Sun Java Studio Enterprise 8
|
| Bug Id : | 6309618
|
| Date of Resolved Release : | 13-APR-2006
|
A security vulnerability in Sun Java Studio Enterprise 8 may allow a local unprivileged user the ability to execute arbitrary commands as a user who runs Sun Java Studio due to the creation of certain files with world-writable permissions when the product is installed by root.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Sun Java Studio Enterprise 8 (for Solaris 9 and Solaris 10) without patch 121045-04
x86 Platform
- Sun Java Studio Enterprise 8 (for Solaris 9 and Solaris 10) without patch 121045-04
Symptoms
If the described issue occurs, certain files in the install directory will be world-writable when the product is installed by root.
Workaround
No file under the install directory should be world-writable.
To work around the described issue, the following command can be used to manually remove the write permission for others:
$ find <jstudio_ent8> -perm -o+w -exec chmod o-w {} \;
Note: <jstudio_ent8> is the installation root directory.
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Sun Java Studio Enterprise 8 (for Solaris 9 and Solaris 10) with patch 121045-04 or later
x86 Platform
- Sun Java Studio Enterprise 8 (for Solaris 9 and Solaris 10) with patch 121045-04 or later
AttachmentsThis solution has no attachment
|
Subscribe |
Careers |
Contact Us |
Site Maps |
Legal Notices |
Terms of Use |
Your Privacy Rights |
Sun Contracted Content
Sun Contracted Feature
