[virusinfo] Local vulnerability in Sun Solaris libc - 06-08-05

• From: "Mike" <mikebike@xxxxxxxxx>
• To: virusinfo@xxxxxxxxxxxxx
• Date: Wed, 08 Jun 2005 13:10:39 -0700

From; Panda Oxygen3 24h-365d wrote:

"A hero is no braver than an ordinary man,
            but he is braver five minutes longer." 
     Ralph Waldo Emerson, (1803-1882) US essayist & poet.

         - Local vulnerability in Sun Solaris libc -
 Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, June 8, 2005 - Sun has reported, at
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101740-1, a
vulnerability in the Sun Solaris 10 'libc' and 'libproject' libraries,
which could allow a local attacker to gain additional system privileges.

The problem lies in the possibility of a local user calling
'libproject(3LIB)' to exploit a flaw in the 'libc(3LIB)' function
'__init_suid_priv()' to gain additional privileges and even obtain root
access.

Sun has released the following updates:

- For the SPARC platform:
http://sunsolve.sun.com/pub-cgi/pdownload.pl?target=119689-02&method=h

- For the x86 platform:
http://sunsolve.sun.com/pub-cgi/pdownload.pl?target=118345-03&method=h

NOTE: The addresses above may not show up on your screen as single lines.
This would prevent you from using the links to access the web pages. If
this happens, just use the 'cut' and 'paste' options to join the pieces of
the URL.

------------------------------------------------------------ 

The 5 viruses most frequently detected by Panda ActiveScan, Panda
Software's free online scanner: 1)Qhost.gen; 2)Netsky.P; 3)Sdbot.ftp;
4)Mhtredir.gen; 5)Shinwow.E.

------------------------------------------------------------
To contact with Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 

Other related posts:

• » [virusinfo] Local vulnerability in Sun Solaris libc - 06-08-05

1. Home
2. virusinfo
3. Archive
4. 06-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---