Sun Microsystems Inc. Affected

Notified:  June 12, 2001 Updated: August 28, 2002

Status

Affected

Vendor Statement

Sun can confirm that the 'ptexec' binary, which is part of the unbundled SunVTS product (see http://www.sun.com/oem/products/vts), is shipped setuid in the following SunVTS versions and does contain a buffer overflow:

  VTS version   Solaris Release
  SunVTS 4.0    Solaris 8 FCS, Solaris 8 Update 1 (06/00)
  SunVTS 4.1    Solaris 8 Update 2 (10/00)
  SunVTS 4.2    Solaris 8 Update 3 (01/01)

A local unprivileged user may be able to gain unauthorized root privileges due to the buffer overflow in 'ptexec'. The 'ptexec' binary has been removed from the SunVTS product starting with SunVTS 4.3 (shipped with Solaris 8 Update 4 - 04/01). Thus, SunVTS releases from 4.3 onwards do not install the ptexec binary.

Patches are being generated for this issue and Sun will be publishing a Sun Alert for this issue, both of which will be available here: http://sunsolve.sun.com

Upgrading to a later release of SunVTS, version 4.3 or later, will also address this vulnerability. SunVTS is available from: http://www.sun.com/oem/products/vts
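An added audit script (not Sun's or the CERT/CC's code) that an administrator could run on a Solaris host to find out whether it still carries one of the affected SunVTS releases or a setuid 'ptexec' binary; the vendor's remedy remains the patch or an upgrade to SunVTS 4.3 or later. It assumes SunVTS is installed as the package SUNWvts and that 'pkginfo -l' prints a VERSION line, neither of which the page states.

```sh
#!/bin/sh
# Added example: audit a host for the setuid 'ptexec' issue described above.

# Return 0 when a SunVTS version string is one the vendor statement lists as
# affected (4.0, 4.1, 4.2); SunVTS 4.3 and later no longer install ptexec.
sunvts_version_affected() {
    case "$1" in
        4.0|4.0.*|4.1|4.1.*|4.2|4.2.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print every setuid regular file named 'ptexec' below the given root
# (default /).  'find -perm -4000' is POSIX and matches files whose
# setuid bit is set; permission errors on unreadable directories are ignored.
find_setuid_ptexec() {
    root=${1:-/}
    find "$root" -type f -name ptexec -perm -4000 2>/dev/null
}

# Print the installed SunVTS version, or nothing if the package tooling or
# the package is absent.  Assumption: the package is named SUNWvts.
installed_sunvts_version() {
    command -v pkginfo >/dev/null 2>&1 || return 1
    pkginfo -l SUNWvts 2>/dev/null | awk -F': *' '/^ *VERSION/ { print $2; exit }'
}

# Combine both checks into a single report; exit status 1 means "affected".
audit_host() {
    status=0
    ver=$(installed_sunvts_version)
    if [ -n "$ver" ] && sunvts_version_affected "$ver"; then
        echo "AFFECTED: SunVTS $ver installed (vendor lists 4.0-4.2 as vulnerable)"
        status=1
    fi
    bins=$(find_setuid_ptexec "${1:-/}")
    if [ -n "$bins" ]; then
        echo "AFFECTED: setuid ptexec binary present:"
        echo "$bins"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: no affected SunVTS version or setuid ptexec found"
    return "$status"
}
```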

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.