[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Sun Security Bulletin #00200

Title: Sun Security Bulletin #00200
Released by: Sun
Date: 12th January 2001
Printable version: Click here
-----BEGIN PGP SIGNED MESSAGE-----



________________________________________________________________________________

     Sun Microsystems, Inc. Security Bulletin



Bulletin Number: #00200

Date: January 12, 2001

Cross-Ref: Bugtraq ID 2193

Title: arp

________________________________________________________________________________



The information contained in this Security Bulletin is provided "AS IS."

Sun makes no warranties of any kind whatsoever with respect to the information

contained in this Security Bulletin. ALL EXPRESS OR IMPLIED CONDITIONS,

REPRESENTATIONS AND WARRANTIES, INCLUDING ANY WARRANTY OF NON-INFRINGEMENT OR

IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE

HEREBY DISCLAIMED AND EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW.



IN NO EVENT WILL SUN MICROSYSTEMS, INC. BE LIABLE FOR ANY LOST REVENUE,

PROFIT OR DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL

OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF ANY THEORY OF LIABILITY

ARISING OUT OF THE USE OF OR INABILITY TO USE THE INFORMATION CONTAINED IN

THIS SECURITY BULLETIN, EVEN IF SUN MICROSYSTEMS, INC. HAS BEEN ADVISED OF

THE POSSIBILITY OF SUCH DAMAGES.



If any of the above provisions are held to be in violation of applicable law,

void, or unenforceable in any jurisdiction, then such provisions are waived

to the extent necessary for this disclaimer to be otherwise enforceable in

such jurisdiction.

________________________________________________________________________________



1.  Bulletins Topics



    Sun announces the release of patches for Solaris(tm) 7, 2.6, 2.5.1,

    2.5, and 2.4 (SunOS(tm) 5.7, 5.6, 5.5.1, 5.5, and 5.4) which relate

    to a setgid vulnerability in arp.



2.  Who is Affected



    Versions of arp in Solaris prior to Solaris 8





    Vulnerable:     Solaris 7, 7_x86, 2.6, 2.6_x86, 2.5.1,

                                2.5.1_x86, 2.5, 2.5_x86, 2.4, 2.4_x86

    Not vulnerable: Solaris 8.



3.  Understanding the Vulnerability



    The arp program displays and modifies the Internet-to-Ethernet address

    translation tables used by the address resolution protocol (arp).  Prior

    to Solaris 8, arp was setgid making it susceptible to certain setgid

    attacks.



    A malicious user could overflow the stack and execute shellcode which

    could allow unauthorized root access.



4.  List of Patches



    The following patches are available in relation to the above problem.



    OS Version Patch ID

    __________ _________

    SunOS 5.7 109709-01

    SunOS 5.7_x86    109710-01

    SunOS 5.6 109719-01

    SunOS 5.6_x86 109720-01

    SunOS 5.5.1 109721-01

    SunOS 5.5.1_x86 109722-01

    SunOS 5.5 109707-01

    SunOS 5.5_x86 109708-01

    SunOS 5.4         109723-01

    SunOS 5.4_x86 109724-01

________________________________________________________________________________

Sun acknowledges, with thanks, Dave Ahmed of Security-Focus.com and Pablo Sor

from the AFIP Computer Security Department for their assistance with this

matter.

http://www.securityfocus.com/bid/2193

________________________________________________________________________________

APPENDICES



A.  Patches listed in this bulletin are available to all Sun customers at:



    http://sunsolve.sun.com/securitypatch



B.  Checksums for the patches listed in this bulletin are available at:



    http://sunsolve.sun.com/pub/patches/CHECKSUMS



C.  Sun security bulletins are available at:



    http://sunsolve.sun.com/security



D.  Sun Security Coordination Team's PGP key is available at:



    http://sunsolve.sun.com/pgpkey.txt



E.  To report or inquire about a security problem with Sun software, contact

    one or more of the following:



        - Your local Sun answer centers

        - Your representative computer security response team, such as CERT

        - Sun Security Coordination Team. Send email to:



     security-alert@sun.com



F.  To receive information or subscribe to our CWS (Customer Warning System)

    mailing list, send email to:



    security-alert@sun.com



    with a subject line (not body) containing one of the following commands:



        Command         Information Returned/Action Taken

        _______         _________________________________



        help            An explanation of how to get information



        key             Sun Security Coordination Team's PGP key



        list            A list of current security topics



        query [topic]   The email is treated as an inquiry and is forwarded to

                        the Security Coordination Team



        report [topic]  The email is treated as a security report and is

                        forwarded to the Security Coordination Team. Please

                        encrypt sensitive mail using Sun Security Coordination

                        Team's PGP key



        send topic      A short status summary or bulletin. For example, to

                        retrieve a Security Bulletin #00138, supply the

                        following in the subject line (not body):



                                send #138



        subscribe       Sender is added to our mailing list.  To subscribe,

                        supply the following in the subject line (not body):



                            subscribe cws your-email-address



                        Note that your-email-address should be substituted

                        by your email address.



        unsubscribe     Sender is removed from the CWS mailing list.

________________________________________________________________________________



Copyright 2001 Sun Microsystems, Inc. All rights reserved. Sun,

Sun Microsystems, Solaris and SunOS are trademarks or registered trademarks

of Sun Microsystems, Inc. in the United States and other countries. This

Security Bulletin may be reproduced and distributed, provided that this

Security Bulletin is not modified in any way and is attributed to

Sun Microsystems, Inc. and provided that such reproduction and distribution

is performed for non-commercial purposes.



-----BEGIN PGP SIGNATURE-----

Version: 2.6.2



iQCVAwUBOl85oLdzzzOFBFjJAQHIsgP+P1kC4w1WfjwcdJWmIw+TspTNQ9GLBO1l

li1AFPw0DjzwI5rjxtJsJtsHjhFtlH23g179EKATTJwNTZd3VEt2qrXRpHrjmsHs

eX/mjP7r52zNtAOJ0l/bDYpfUww37MmGzc1GpNfMKqJ2+/c0I0+Kk+jxBMOPbe2B

LQCnZkoB1Cw=

=6x5K

-----END PGP SIGNATURE-----








(C) 1999-2000 All rights reserved.