sun_bof.txt

1999-09-19T00:00:00
ID PACKETSTORM:15647
Type packetstorm
Reporter Packet Storm
Modified 1999-09-19T00:00:00

Description

                                        
                                            `Subject: Sun Security Bulletin #00189 (fwd)  
To: BUGTRAQ@SECURITYFOCUS.COM   
  
  
--  
Kis-Szabo Andras Technical University of Budapest  
-----------------------------/ Schonherz Zoltan Dormitory  
kisza@sch.bme.hu /-------------------------------3OO--->>>.Info  
Fingerprint = 97 D7 32 CE F9 74 5C A0 E5 F4 09 29 67 9F A8 78  
  
  
---------- Forwarded message ----------  
Date: Wed, 8 Sep 1999 11:20:55 -0700  
From: Sun Security Coordination Team <secure@sunsc.Eng.Sun.COM>  
To: CWS@sunsc.Eng.Sun.COM  
Subject: Sun Security Bulletin #00189  
  
  
-----BEGIN PGP SIGNED MESSAGE-----  
  
  
________________________________________________________________________________  
Sun Microsystems, Inc. Security Bulletin  
  
Bulletin Number: #00189  
Date: September 8, 1999  
Cross-Ref:   
Title: LC_MESSAGES  
________________________________________________________________________________  
  
  
The information contained in this Security Bulletin is provided "AS IS."  
Sun makes no warranties of any kind whatsoever with respect to the information  
contained in this Security Bulletin. ALL EXPRESS OR IMPLIED CONDITIONS,  
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY WARRANTY OF NON-INFRINGEMENT OR  
IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE  
HEREBY DISCLAIMED AND EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW.  
  
  
IN NO EVENT WILL SUN MICROSYSTEMS, INC. BE LIABLE FOR ANY LOST REVENUE,  
PROFIT OR DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL  
OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF ANY THEORY OF LIABILITY  
ARISING OUT OF THE USE OF OR INABILITY TO USE THE INFORMATION CONTAINED IN  
THIS SECURITY BULLETIN, EVEN IF SUN MICROSYSTEMS, INC. HAS BEEN ADVISED OF  
THE POSSIBILITY OF SUCH DAMAGES.  
  
  
If any of the above provisions are held to be in violation of applicable law,  
void, or unenforceable in any jurisdiction, then such provisions are waived  
to the extent necessary for this disclaimer to be otherwise enforceable in  
such jurisdiction.  
________________________________________________________________________________  
  
  
1. Bulletin Topics  
  
  
Sun announces the release of patches for Solaris(tm) 7 and 2.6 (SunOS(tm)  
5.7 and 5.6) which relate to a buffer overflow vulnerability involving  
the LC_MESSAGES environment variable.  
  
  
Sun recommends that you install the patches listed in section 4  
immediately on systems running SunOS 5.7 and 5.6.  
  
  
  
2. Who is Affected  
  
Vulnerable: SunOS 5.7, 5.7_x86, 5.6, 5.6_x86.  
  
  
Not vulnerable: All other supported versions of SunOS.  
  
  
  
3. Understanding the Vulnerability  
  
  
In libc, the LC_MESSAGES environment variable affects the behavior of  
messaging functions. A vulnerability exists where a buffer overflow  
could be exploited to gain root access. The patches listed in this  
bulletin address both libc and the ufsrestore and rcp binaries which  
are statically linked against libc.  
  
  
  
4. List of Patches  
  
  
The following patches are available in relation to the above problem.  
  
SunOS version Patch ID   
_____________ _________  
  
  
5.7 106541-07  
5.7 ufsrestore 106793-03  
5.7 rcp 107972-01  
  
  
5.7_x86 106542-07  
5.7_x86 ufsrestore 106794-03  
5.7_x86 rcp 107973-01  
  
  
5.6 105210-24  
5.6 ufsrestore 105722-03  
5.6 rcp 107991-01  
  
  
5.6_x86 105211-22  
5.6_x86 ufsrestore 105723-03  
5.6_x86 rcp 107992-01   
  
  
_______________________________________________________________________________  
APPENDICES  
  
  
A. Patches listed in this bulletin are available to all Sun customers at:  
  
  
http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-license&nav=pub-patches  
  
  
B. Checksums for the patches listed in this bulletin are available at:  
  
  
ftp://sunsolve.sun.com/pub/patches/CHECKSUMS  
  
  
C. Sun security bulletins are available at:  
  
  
http://sunsolve.sun.com/pub-cgi/secBulletin.pl  
  
D. Sun Security Coordination Team's PGP key is available at:  
  
  
http://sunsolve.sun.com/pgpkey.txt  
  
E. To report or inquire about a security problem with Sun software, contact  
one or more of the following:  
  
  
- Your local Sun Solution Center  
- Your representative computer security response team, such as CERT  
- Sun Security Coordination Team. Send email to:  
  
security-alert@sun.com  
  
  
F. To receive information or subscribe to our CWS (Customer Warning System)  
mailing list, send email to:  
  
  
security-alert@sun.com  
  
  
with a subject line (not body) containing one of the following commands:  
  
  
Command Information Returned/Action Taken  
_______ _________________________________  
  
  
help An explanation of how to get information  
  
  
key Sun Security Coordination Team's PGP key  
  
list A list of current security topics  
  
  
query [topic] The email is treated as an inquiry and is forwarded to  
the Security Coordination Team  
  
  
report [topic] The email is treated as a security report and is  
forwarded to the Security Coordination Team. Please  
encrypt sensitive mail using Sun Security Coordination  
Team's PGP key  
  
  
send topic A short status summary or bulletin. For example, to  
retrieve a Security Bulletin #00138, supply the  
following in the subject line (not body):  
  
send #138  
  
  
subscribe Sender is added to our mailing list. To subscribe,  
supply the following in the subject line (not body):  
  
  
subscribe cws your-email-address  
  
Note that your-email-address should be substituted  
by your email address.  
  
unsubscribe Sender is removed from the CWS mailing list.  
________________________________________________________________________________  
  
  
Copyright 1999 Sun Microsystems, Inc. All rights reserved. Sun,  
Sun Microsystems, Solaris and SunOS are trademarks or registered trademarks  
of Sun Microsystems, Inc. in the United States and other countries. This  
Security Bulletin may be reproduced and distributed, provided that this  
Security Bulletin is not modified in any way and is attributed to  
Sun Microsystems, Inc. and provided that such reproduction and distribution  
is performed for non-commercial purposes.  
  
  
-----BEGIN PGP SIGNATURE-----  
Version: 2.6.2  
  
  
iQCVAwUBN9ajGLdzzzOFBFjJAQH6UAP/TeqiirvcgwPXeDGhVZ+zhbtllptxwCto  
g9h++H1M8UN0WC5170OGNlGWTHqxVD3JwlIGwlev6ydvnDJCJg4ADXNnX7bW00rs  
B3lPPl/s82iTeUPV5CGN9S0ZNIb0H9IlsN8v/dZCLGv9+3SryF1WO3kPAeOJIzsJ  
C+AYwQ7ykEo=  
=k8ch  
-----END PGP SIGNATURE-----  
`