| Document ID: | 57657 |
| Title: | Document ID 57657 |
| Synopsis: | Security Vulnerability When Using LDAP In Conjunction With RBAC |
| Update Date: | 2004-10-18 |
Sun(sm) Alert Notification
-
Sun Alert ID: 57657
-
Synopsis: Security Vulnerability When Using LDAP In Conjunction With RBAC
-
Category: Security
-
Product: Solaris
-
BugIDs: 4966423
-
Avoidance: Patch, Workaround
-
State: Resolved
-
Date Released: 18-Oct-2004
-
Date Closed: 18-Oct-2004
-
Date Modified:
1. Impact
On systems where Lightweight Directory Access Protocol (LDAP, see ldap(1)) is used in conjunction with Role Based Access Control (RBAC, see rbac(5)), unprivileged local users may have the ability to execute certain commands with "superuser" (root) privileges.
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
x86 Platform
Notes:
-
Systems are only impacted when using LDAP in conjunction with RBAC .
-
Solaris 7 is not affected by this issue.
This configuration can be determined by the RBAC related entries in the "/etc/nsswitch.conf" file, which will contain lines with one or more of the following type of entries:
auth_attr: ldap files
prof_attr: ldap files
user_attr: ldap files
3. Symptoms
There are no predictable symptoms that would indicate the described issue has been exploited.
4. Relief/Workaround
To work around the described issue, configure the system to use "local" files instead of LDAP for RBAC configuration. RBAC related entries in the "/etc/nsswitch.conf" file should be modified as follows:
auth_attr: files
prof_attr: files
user_attr: files
Note: With this workaround, LDAP functionality will be disabled for the RBAC database and all RBAC related data will be queried from "local" files instead of through LDAP.
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
x86 Platform
This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use.
This Sun Alert notification may only be used for the purposes contemplated by these agreements.
Copyright 2000-2004 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.