Oracle Solaris 11 and Solaris 10 are vulnerable to arbitrary code execution if an attacker has read/write access to /proc/self in the process file system.
The process file system (/proc) in Oracle Solaris 11 and Solaris 10 provides a self/ alias that refers to the currently executing process's PID subdirectory, which holds state information about the process. Protection mechanisms for /proc in Solaris 11/10 did not properly restrict the current (self) process from modifying itself via /proc. For services that strictly provide file IO, this lack of restriction allows an attacker to modify the process providing the file IO and execute arbitrary code.
An authenticated attacker with read and write access to the /proc/self directory via a vulnerable service providing file IO may be able to gain arbitrary code execution on a target host.
Apply an update
Oracle has released updates for Solaris 11 and Solaris 10 to address the vulnerability.
Restrict access to /proc
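One way a service providing file IO can restrict access to /proc is to canonicalize every client-supplied path and refuse anything that resolves to /proc or below it. The following is an added example, not code from Oracle or from the original note; the function names is_under_proc and request_allowed and the sample paths are assumptions made for illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for realpath() under strict compiler modes */
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 if an already-canonical absolute path is /proc or lies below it. */
int is_under_proc(const char *canonical)
{
    static const char root[] = "/proc";
    size_t n = sizeof(root) - 1;

    if (strncmp(canonical, root, n) != 0)
        return 0;
    /* "/procfoo" must not match; only "/proc" itself or "/proc/..." */
    return canonical[n] == '\0' || canonical[n] == '/';
}

/*
 * Returns 1 if a client-supplied path may be served, 0 otherwise.
 * realpath() resolves "..", "." and symbolic links first, so the self/ alias
 * or a link pointing into /proc is judged by its real target.
 * Fails closed: a path that cannot be resolved is refused.
 */
int request_allowed(const char *requested)
{
    char resolved[PATH_MAX];

    if (requested == NULL || requested[0] != '/')
        return 0;                       /* accept absolute paths only */
    if (realpath(requested, resolved) == NULL)
        return 0;                       /* unresolvable: refuse */
    return !is_under_proc(resolved);
}

int main(void)
{
    /* Constructed sample requests, not taken from the original note. */
    const char *samples[] = { "/", "/proc/self", "/proc/../proc", "docs/a.txt" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-16s %s\n", samples[i],
               request_allowed(samples[i]) ? "allow" : "deny");
    return 0;
}
```

A path check made before open() can be raced, so the service should repeat the check on the descriptor it actually opened; on Solaris, fstat() reports the file system type in st_fstype.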
Thanks to the reporter who wishes to remain anonymous.
This document was written by Trent Novelly.
Date First Published: 2019-07-17
Date Last Updated: 2019-07-17 10:14 UTC