| The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them. |
|
 |
|
|
|
vulnerability alert CVE-2009-2430
Solaris: privilege elevation via auditconfig
Synthesis of the vulnerability
| A local attacker with a RBAC execution profile can use auditconfig to elevate his privileges. |
Severity: 1/4.
Creation date: 26/06/2009.
|
Impacted products
Description of the vulnerability
A user with the "Audit Control" RBAC profile is allowed to run the /usr/sbin/auditconfig command. This command is used to read and set audit parameters of the kernel.
The "-setasid", "-setaudit" and "-setauid" arguments of auditconfig execute commands with an indicated session-ID, term-ID or audit-ID.
However, the execit() function of the usr/src/cmd/auditconfig/auditconfig.c file uses the SHELL environment variable to launch the command. A local attacker can therefore change this environment variable to force auditconfig to execute his wanted command.
A local attacker with a RBAC execution profile can thus use auditconfig to elevate his privileges. |
Share this bulletin
Complete Vigil@nce bulletin
Characteristics
Title: Solaris: privilege elevation via auditconfig.
Keywords: Audit Control RBAC SHELL Solaris audit-ID auditconfig elevation privilege session-ID term-ID.
Identifiers: 262088, 6414737, BID-35501, CVE-2009-2430, VIGILANCE-VUL-8826.
|
Information sources
Solutions for this vulnerability
Supplements
Computer vulnerabilities tracking service
Vigil@nce provides networks vulnerabilities bulletins. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The technology watch team tracks security threats targeting the computer system.
|
