A security flaw in the Solaris operating system has been fixed. Solaris is a Unix operating system developed by Sun Microsystems. The security problem is caused by the "undo.Z" file for certain packages being stored with insecure permissions in the /var/sadm/pkg/<package_name>/save/<patch_id> directory. Malicious local users can exploit the described vulnerability to disclose sensitive information such as the password hashes of the root user and all other users of the operating system. As a solution, applying the released operating system patch is recommended.

Oracle Solaris Backout File Insecure Permissions Security Issue
Secunia Advisory 	SA44047 	
Release Date 	2011-04-06 
Criticality level 	Not critical
Impact 	Exposure of sensitive information
Where 	Local system
Solution Status 	Vendor Patch
  	 
Operating System 	Sun Solaris 10

CVE Reference(s) 	CVE-2011-0412

Description

A security issue has been reported in Solaris, which can be exploited by malicious, local users to disclose sensitive information.

The security issue is caused by the "undo.Z" backout file being stored with insecure permissions in /var/sadm/pkg/<pkgname>/save/<patchid>/ for certain packages. This can be exploited to extract the file, which may contain password hashes of the root and other users.
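
A defender-side audit for the condition described above, added here as an example and not part of the Secunia or US-CERT advisory. The function name audit_backout_files is hypothetical, and reading "insecure permissions" as the "other" read bit being set is an assumption, since the advisory does not give the exact mode.

```shell
#!/bin/sh
# Added example, not from the advisory.
# Assumption: "insecure permissions" is read as the "other" read bit (0004)
# being set; the advisory does not state the exact mode.

# audit_backout_files [PKG_ROOT]   (hypothetical helper name)
# Lists each PKG_ROOT/<pkgname>/save/<patchid>/undo.Z readable by "other".
# Exit status: 0 = none found, 1 = at least one found, 2 = bad PKG_ROOT.
audit_backout_files() {
    pkg_root=${1:-/var/sadm/pkg}
    if [ ! -d "$pkg_root" ]; then
        echo "not a directory: $pkg_root" >&2
        return 2
    fi
    found=0
    for f in "$pkg_root"/*/save/*/undo.Z; do
        # Skip an unmatched glob and anything that is not a plain file.
        [ -f "$f" ] && [ ! -h "$f" ] || continue
        # find prints the path only when the "other" read bit is set.
        if [ -n "$(find "$f" -type f -perm -0004 -print)" ]; then
            ls -ld "$f"
            found=1
        fi
    done
    return "$found"
}
```

Call audit_backout_files with no argument to scan the default /var/sadm/pkg tree; the exit status of 1 on a finding makes it easy to wire into a periodic compliance check.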

Solution
Apply patch 119254-80. Please contact the vendor for more information.

Provided and/or discovered by
Michael Rutkowski, Duer Advanced Technology and Aerospace via US-CERT.

Original Advisory
US-CERT:
http://www.kb.cert.org/vuls/id/648244
