_________________________________________________________

          DePaul University Computer Security Response Team

                           C   S   R   T

                       <security@depaul.edu>
                   <http://security.depaul.edu/>
      _________________________________________________________


               Computer Security Vulnerability Alert

_____________________________________________________________________
11:37 -0500                                                2003-07-29


SUMMARY    Buffer Overflow in Sun Solaris Runtime Linker

SEVERITY   High

PLATFORM   Sparc Architectures

             Solaris 2.6 with patch 107733-10 
                without patch 107733-11
             Solaris 7 with patches 106950-14 through 106950-22 
                without patch 106950-23
             Solaris 8 with patches 109147-07 through 109147-24 and
                without patch 109147-25
             Solaris 9 without patch 112963-09

           X86 Architectures

             Solaris 2.6 with patch 107734-10 
                without patch 107734-11             
             Solaris 7 with patches 106951-14 through 106951-22
                without patch 106951-23
             Solaris 8 with patches 109148-07 through 109148-24
                without patch 109148-25
             Solaris 9 without patch 113986-05                       

IMPACT     Command execution within a non-executable stack, possibly
           leading to local elevated privileges.

SCOPE      All University workstations and servers running the
           forementioned, vulnerable, versions of Solaris.

DETAILS    An overflow exists in the ld.so.1 dynamic runtime linker
           found in the Solaris operating environment. A large
           value may be passed to the LD_PRELOAD environmental
           variable that causes the runtime linker to overflow a 
           stack based buffer.

           The non-executable stack under Solaris will mitigate, not
           prevent, command execution of this buffer overflow. Only the
           vendor supplied patch will limit the effect of this
           vulnerability.

DAMAGE     Local exploit of vulnerable systems: Loss of confidentiality.
           Possible theft or manipulation of sensitive data.
           
EXPLOIT    A proof of concept exploit has been developed by the security
           research group, iDEFENSE. At this time, there are no exploits
           available. CSRT will continue to monitor our normal channels
           and report if a remote exploit becomes availble.
           
ALERTID    CSRT2003072901

REVISION   

   Id: csrt-va2003072901.txt,v 1.1 2003/07/29 16:37:45 epancer Exp  

______________________________________________________________________

MORE
INFO

Sun Microsystems Alert Notification

  <http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55680>

iDEFENSE Vulnerability Alert

  <http://www.idefense.com/advisory/07.29.03.txt>

______________________________________________________________________
_____________________________END OF ALERT_____________________________