Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Two Sun Microsystems Security Alerts

Feb 2, 2004 8:12PM PST

Detail
======

1. A local unprivileged user with a custom rights profile (see profiles(1)) may be able to execute a profile command with greater privileges than originally assigned, if the execution profiles database (exec_attr(4)) contains an invalid entry for that custom rights profile.


2. On SPARC based Solaris systems, a security vulnerability in the tcsetattr(3C) library function may
allow an unprivileged local user the ability to hang the system hard which is a type of Denial of Service (DoS).

Complete information at http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-3904.txt

Discussion is locked