Document ID: 57581
Synopsis: Systems With Enterprise Storage Manager 2.1 Installed May Allow an Unprivileged Local User to Gain Root Access
Date: 21 Jun 2004
Description
A local unprivileged user may be able to gain unauthorized root access on systems with Sun StorEdge Enterprise Storage Manager (ESM) 2.1 installed.
This issue can occur in the following releases:
SPARC Platform
This issue only occurs when a non-root user has been assigned the "ESMUser" role on the management station. (See the "Relief/Workaround" section below for information on how to determine if a user has been assigned the "ESMUser" role.)
Note 1: ESM versions 1.2 and 2.0 are not affected by this issue.
Note 2: ESM is not supported on the x86 platform.
There are no predictable symptoms that would indicate the described issue has been exploited to gain unauthorized root access to the system.
Solution Summary
Until patches can be applied, sites may want to remove the "ESMUser" role from all non-root users.
To determine if a user has been assigned the "ESMUser" role, use the following command:
# roles `logins -o | cut -f1 -d:` | grep ESMUser
This command will list the output in the form of:
<username> : <role list>
For example:
# roles `logins -o | cut -f1 -d:` | grep ESMUser
root : ESMUser
ESMUser : No roles
demo : ESMUser
perf : ESMUser
If "ESMUser" does not appear in the role list for any non-root username, then no further action is needed. However, if "ESMUser" does appear on the role list for a non-root username, remove it by running the following command:
# /opt/SUNWstm/bin/esm_user -r <username>
Given the example above, the corresponding commands to run would be:
# /opt/SUNWstm/bin/esm_user -r demo
Removing ESMUser role from local user: demo ...
Restarting name service cache daemon and smcwebserver...
Restarting smcwebserver...
Shutting down Sun(TM) Web Console Version 2.0.2...
Starting Sun(TM) Web Console Version 2.0.2...
See /var/log/webconsole/console_debug_log for server logging information
# /opt/SUNWstm/bin/esm_user -r perf
Removing ESMUser role from local user: perf ...
Restarting name service cache daemon and smcwebserver...
Restarting smcwebserver...
Shutting down Sun(TM) Web Console Version 2.0.2...
Starting Sun(TM) Web Console Version 2.0.2...
See /var/log/webconsole/console_debug_log for server logging information
Note: There is no need to run the "esm_user -r" command against the "ESMUser" username; only run it against other non-root usernames with "ESMUser" in their role list.
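The following helper script is an added example, not part of this Sun Alert. It applies the same check non-interactively: it parses the `roles` output, skips root and the "ESMUser" account itself, ignores usernames that merely contain the string "ESMUser" (which a plain grep would match), and prints the corresponding `esm_user -r` commands for review instead of running them. The sample output is constructed; the role-list separator handling (comma or space) is an assumption.

```shell
#!/bin/sh
# Added example (not from the Sun Alert): list non-root users carrying the
# ESMUser role from the output of:  roles `logins -o | cut -f1 -d:`
# Input is read from stdin so the logic can be checked on constructed data.

esm_role_users() {
    # Each line is "<username> : <role list>". Roles are split on commas or
    # whitespace (assumption: covers both separators roles(1) may print).
    awk -F' : ' '
        $1 == "root" || $1 == "ESMUser" { next }   # exempt per the alert
        {
            n = split($2, r, "[ ,]+")
            for (i = 1; i <= n; i++)
                if (r[i] == "ESMUser") { print $1; break }
        }'
}

# Emit the remediation commands for review; nothing is executed here.
esm_plan() {
    esm_role_users | while read -r u; do
        printf '/opt/SUNWstm/bin/esm_user -r %s\n' "$u"
    done
}

# Constructed sample: the alert's example plus a multi-role user and an
# account whose name contains "ESMUser" but does not hold the role.
SAMPLE='root : ESMUser
ESMUser : No roles
demo : ESMUser
perf : ESMUser
ops : Operator,ESMUser
ESMUserBackup : Operator'

# Usage on a live system:  roles `logins -o | cut -f1 -d:` | esm_plan
# On the sample this prints the esm_user -r lines for demo, perf and ops.
```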
This issue is addressed in the following releases:
SPARC Platform
This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.
Copyright 2000-2004 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
Applies To: (none)
Attachments: (none)