 A vulnerability has been reported in Solaris, which potentially can be exploited by malicious, local users to gain escalated privileges.
The vulnerability is caused due to an unspecified error making it possible to load a malicious GSS-API (Generic Security Service Application Program Interface) via a privileged GSS-API application linked against the libgss library.
NOTE: The vendor reports that Solaris by default doesn't include any privileged applications linked against the libgss library.
OPERATING SYSTEM:
Sun Solaris 9
Sun Solaris 8
Sun Solaris 7
SOLUTION:
Apply patches.
-- SPARC Platform --
Solaris 7:
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-107293-02-1
Solaris 8:
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-109223-06-1
Solaris 9:
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-112907-04-1
-- x86 Platform --
Solaris 7:
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-107294-02-1
Solaris 8:
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-109224-06-1
Solaris 9:
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114263-02-1
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57734-1
VERIFY ADVISORY:
http://secunia.com/advisories/14971/
Secunia Security Advisories
| 
Contribute :
Advanced Search :
Web Resources :
Polls :
File Repository
