Posting updated June 6, 20, with new Solaris 10 kernel patch IDs 150400-xx (SPARC) and 150401-xx (x86). Sun Solaris sadmind arbitrary command execution vulnerability. How to get to Solaris 10 patches post Premier Support. This could lead to local or remote unprivileged execution of arbitrary code with root privilege. The issue affects versions 7, 8 and 9 of Solaris, as well as Trusted Solaris 7 and 8, on both the SPARC and x86. If there is insufficient space in /var of an existing system, the recommended solution is to extend the size of the /var partition. Patch installation instructions for Solaris systems Sun. Solaris patching documentation center Oracle technology.
Minimum requirements for Solaris 10 in guest LDoms on M7, S7, and T7 platforms. SPARC platform: Solaris 8 with patch 116455-02 or later, Solaris 9 with patch 116453-03 or later. x86 platform: Solaris 8 with patch 116442-02 or later, Solaris 9 with patch. As per the security advisory from Sun Microsystems, both x86 and SPARC based Solaris systems using the default sadmind service configuration are affected. Security issue involving the Solaris sadmind(1M) daemon Oracle. Several operating system patches are required for the proper operation of the compilers and tools in the Oracle Developer Studio 12. Sun Solaris sadmind integer overflow vulnerability. Migration to an Oracle Solaris zone on an Oracle Solaris 11 host. Solaris 9 without patch 116454-01. Sites which have sadmind(1M) enabled in nf4 with strong authentication s 2 are not affected by this issue.
Download the latest Solaris 10 patches using PatchFinder and find updated support content using the SunSolve knowledgebase. Sadmind removal: Symantec Security Response provides comprehensive internet protection expertise to guard against complex threats, information about latest new computer viruses and spyware. Verifying operating system patches on Oracle Solaris 10. Following topics are covered in this article for securing Solaris. Sadmind, sadmind/IIS, Unix sadmind, Solaris sadmind. Sun does not plan on releasing a patch for this issue. The remote host is missing Sun security patch number 116442-01. Description: SunOS 5. In the patch system test lab, we currently have Solaris 10 systems with 7 GB used in /var and this will continue to grow over the lifetime of Solaris 10. Sadmind/IIS worm introduction according the CNET's news. Solaris 10 patches and /var/sadm/pkg Oracle Community. As far as I know patches were never made available for that. Solaris operating system version 10 305 to 10 1 u11 release 10. Solaris 10 extended support will run thru January 2021. Solaris 10 was originally launched in January 2005, and over its lifespan has introduced a ton of groundbreaking features, like the ZFS volume manager/filesystem, DTrace, Zones, Service Management Facility, Trusted Extensions and more.
CERT warns of worm that attacks Sun, Microsoft servers. An integer overflow may occur as the result of processing malformed parameters in an RPC request by the sadmind service, triggering memory corruption. Before applying patches, you might want to know more about patches that have been previously applied. List of Solaris 10 patches which update the libc version. While many other vendors rely on SunRPC related routines from Sun, this design issue is confined to Sun's sadmind authentication implementation in Solaris. Configuring Oracle Solaris operating system for Oracle Database. Sun Solaris 7, 8 and 9, and Trusted Solaris 7, 8 and 9 default installations of the sadmind daemon may allow a local or remote attacker to execute code with elevated privileges on the system. To disable sadmind(1M) on a Solaris system, do the following. Security issue involving the Solaris sadmind(1M) daemon. By default, sadmind is installed and started at system boot time on most default and fully patched installations of Solaris. It exploited vulnerabilities in both Sun Microsystems Solaris (security bulletin 00191) and Microsoft's Internet Information Services (MS00-078), for which a patch had been made available seven months earlier. A false positive will usually be fixed in a subsequent database update without any action needed on your part. There were a total of 24 Solaris 10 patches, including kernel updates, and 4 patchsets released on MOS. The sadmind daemon is installed by default on most default installations of Solaris.
The patches that are listed in this chapter have been applied to the Solaris 10 operating system in one of the following ways. List of Solaris 10 patches which update the libc version, Doc ID 2069855. Oracle patches Solaris 10 hole exploited by NSA spyware. Migration to an Oracle Solaris zone on an Oracle Solaris 10 host. Installing the required Oracle Solaris 10 patches Oracle. Synopsis: The remote host is missing Sun security patch number 116455-01. Description: SunOS 5. The Sun Solaris sadmind daemon is included in the Solstice AdminSuite of tools and is used to manage distributed systems. An attacker may submit malicious RPC requests to forge a new client identity. Solaris 7 without patch 116456-01, Trusted Solaris 7, Solaris 8 without patch 116455-01, Trusted Solaris 8 0401 and 1202. Solaris 10 does not include sadmind and is not affected. I highly recommend upgrading to a current release, either Solaris 10 Update 9 or Solaris 11 Express. Sadmind is a worm that propagates from a Sun Solaris machine to another. Then yes, you're running an old Solaris Express development release. Rapid7 Insight is your home for SecOps, equipping you with the visibility, analytics, and automation you need to unite your teams and amplify efficiency. My understanding is that showrev -p would show patches but not the date they were installed.
How to display information about Solaris patches system. Checking the software requirements for Oracle Solaris. The sadmind program is installed in /usr/sbin and can be used to coordinate distributed. The Solaris 10 operating system introduced the new concept of zones. As usual, we've released a patchset of all the patches contained in Solaris 10 1 Update 11. Com, a list of 8,800 internet addresses were sent to in the first three weeks in May of 2001. Shows all patches that have been applied to the system. The way to do this is, we re-encapsulate the unencapsulated rootmirror disk under SVM and mirror it with the original root disk.
Oracle Solaris 10 1 Update 11 patch bundle for SPARC systems. How to check Solaris release and default kernel version. Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011 and 120012 patches, allows remote attackers to bypass certain netgroup restrictions and obtain root access to a filesystem via NFS requests from a client root user. Solaris 9 is the last OS version to support sadmind. A buffer overflow security vulnerability in the Solaris sadmind(1M).
This does not affect Solaris 10 or OpenSolaris, which do not come with sadmind. Among the trove is a patch for CVE-2017-3622, a local privilege escalation hole in the Common Desktop Environment on Solaris 10 that is. NFS is a client/server service that lets users view, store, and update. Multiple vulnerabilities in the Solaris 8 and 9 sadmind(1M).
Solaris 10 and OpenSolaris do not ship with sadmind(1M) and therefore are not affected. The remote host is missing a patch containing a security fix, which affects the following components. Oracle patches Solaris 10 hole exploited by NSA spyware tool and. The remote host is missing Sun security patch number 125731-15 (Nessus plugin ID 126717). Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later. Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers. Analysis of the Oracle Solaris configuration, including networking, storage, and Oracle Solaris operating system features in use. But eventually all good things must continue reading How to get to Solaris 10 patches post Premier Support. Solaris sadmind remote buffer overflow Solaris remote. Solaris operating system version 10 9 10 u9 and later.
To determine if sadmind(1M) is enabled on the system, the following command can be run. It exploited vulnerabilities in both Sun Microsystems Solaris (security bulletin 00191) and Microsoft's Internet Information Services (MS00-078), for which a patch had been made available. Solaris 10 1 patchset released and latest Solaris 10. Solaris 10 1008 operating system patch list Solaris 10. Solaris 8 and 9 sadmind contains heap and integer overflow vulnerabilities. The sadmind program is installed by default in Solaris 2. The vulnerability is due to improper processing of input in RPC requests.
In the case a system has multiple Solaris 10 update patch bundles installed, the /etc/release file will contain only a single patch bundle identification line, and this will correspond to the newest patch bundle installed on the system. Does anyone know of a command that would show the list of patches installed and the date it was installed? Sadmind is an internet worm that infects Solaris servers, and is also able to modify pages on Microsoft IIS servers running on Windows NT 4. An unauthenticated, remote attacker could exploit this vulnerability by sending a malicious request to the system. When patches are installed under Solaris 8, the directory /var/sadm/pkg is populated with the uninstall information for the relevant packages. Consequently, the patchadd command includes the new -G option, which adds a patch only to the global zone.
I manage a number of Solaris boxes in our department. This patch installation utility cannot be used to apply Solaris 1 patches. Solaris 10 10 08 also includes virtualization enhancements including the ability for a Solaris Container to automatically update its environment when moved from one system to another, Logical Domains support for dynamically reconfigurable disk and network I/O, and paravirtualization support when Solaris 10 is used as a guest OS in Xen-based. Patches released after the Solaris 10 10 08 release can be found on the My Oracle Support. How to configure shared memory parameters in Solaris 10. The sadmind daemon is installed by default on certain Solaris operating systems, and on systems with Sun Solstice AdminSuite installed. The Sun patch page provides all the patches for your specific system configuration. After this promotion ends, Solaris 10 security fixes will remain available to everyone. These patches are located in the /var/sadm/patch directory on an installed system. Remote root exploitation of default Solaris sadmind setting. It exploited flaws that had been patched by both Microsoft and Sun Microsystems for over a year, highlighting the importance of always getting system updates as soon as they come out. For a limited time SunSolve will provide access to all Solaris 10 patches.