Multiple Solaris vulns reported

We've got denials of service, buffer overflows and root compromises, and we're frankly shocked, shocked, to report it. According to eSecurityOnline, your Solaris system is screwed six ways to Sunday, though we'll note that the majority of stuff-ups they cite are not remotely exploitable. Which is something.

First up, we have two vulns involving the cachefsd daemon: a DoS condition which is remotely exploitable, and a buffer overflow which is locally exploitable and which may lead to a root compromise. Current workarounds are to disable cachefsd or to block RPC (Remote Procedure Call) services at the firewall.

Next, we have two admintool vulns, one buffer overflow condition exploiting the media installation path which could allow a local attacker to gain root privileges, and one leveraging the -d command line option or the PRODVERS .cdtoc file variable which may also allow a local attacker to get root. For a workaround, remove the setuid bit from the binary, e.g.,
chmod -s /usr/bin/admintool.

We have also a dtprintinfo help vuln which is exploitable locally for a buffer overflow and which might allow a root compromise. In this case it's necessary to locate and install the relevant patch. Finally, we have an lbxproxy vulnerability which can also be exploited locally for a root compromise. For a workaround, remove the setgid bit from the program, e.g.,
chmod -s /usr/openwin/bin/lbxproxy. ®

Related Links

Mess One
Mess Two
Mess Three
Mess Four
Mess Five
Mess Six