Vigil@nce: Solaris 10, privilege elevation via Trusted Extensions
January 2010 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
When Solaris Trusted Extensions are enabled, a local attacker can
elevate his privileges.
Severity: 2/4
Consequences: administrator access/rights
Provenance: user shell
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 13/01/2010
IMPACTED PRODUCTS
– Sun Solaris
DESCRIPTION OF THE VULNERABILITY
Solaris Trusted Extensions uses the libgmodule library
(Glib-Dynamic loading of Modules).
However, this library is not installed by default. An attacker can
therefore create a malicious library with the same name, in order
to execute code when it is called by Solaris Trusted Extensions.
When Solaris Trusted Extensions are enabled, a local attacker can
thus elevate his privileges.
CHARACTERISTICS
Identifiers: 275410, 6902322, BID-37754, VIGILANCE-VUL-9346
http://vigilance.fr/vulnerability/Solaris-10-privilege-elevation-via-Trusted-Extensions-9346