CENTER.HU groups
CENTER.HU address

User:

Guest

www.center.hu / Archive / Security news / june, 2006 / Vulnerability in Sun StorADE Version 2.4 

Vulnerability in Sun StorADE Version 2.4

Vulnerability in Sun StorADE Version 2.4

Madrid, June 6 2006 - Sun has reported, at this site , a security vulnerability in Sun Storage Automated Diagnostic Environment (StorADE), that could allow a local user to run code with the privileges of another user on vulnerable systems.

The flaw stems from incorrect file and directory permissions in the SUNWstadm package of the Sun StorADE (Sun Storage Automated Diagnostic Environment) software. A local user without privileges could be able to run arbitrary code with another user´s advanced privileges (including root).

To avoid this vulnerability, Sun recommends running the following commands within the ˝Lockhart˝ directory:

# find /var/opt/webconsole/webapps/storade -type d -exec chmod 755 {} ; # find /var/opt/webconsole/webapps/storade -type f -exec chmod 644 {} ;

Sun has also published an upgrade for SPARC systems:

Storage Automated Diagnostic Environment (StorADE) 2.4 (for Solaris 8, 9 and 10):
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-117654-60-1


Oxygen3 24h-365d
by Panda Software

Back



Copyright © CENTER.HU Ltd, 2000-2010. All rights reserved

sitemap | privacy policy |

copyrights | new pages |

terms of purchase | contact us


PARTNERS: Computerworld.hu | GameStar.hu | PCWorld.hu | SG.hu | PC Guru | Hitel