Vigil@nce: Solaris, privilege elevation via clsetup
September 2009 by Vigil@nce
When Solaris Cluster 3.2 is installed, a local attacker can use
clsetup to elevate his privileges.
– Severity: 2/4
– Consequences: administrator access/rights
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 23/09/2009
IMPACTED PRODUCTS
– Sun Solaris
DESCRIPTION OF THE VULNERABILITY
The clsetup utility is used to configure the Solaris Cluster 3.2
product.
The SUNWsczu (Sun Cluster Zones Extension User) package installs
/usr/cluster/bin/clsetup (as well as other programs) as suid root.
A local attacker can use clsetup to elevate his privileges.
Technical details are unknown.
CHARACTERISTICS
– Identifiers: 267148, 6810281, BID-36486, VIGILANCE-VUL-9043
– Url: http://vigilance.fr/vulnerability/Solaris-privilege-elevation-via-clsetup-9043