COMMAND

    eeprom

SYSTEMS AFFECTED

    Solaris 2.x

PROBLEM

    The eeprom program changes or displays the values of parameters
    in EEPROM. The EEPROM (electrically erasable programmable
    read-only memory) is a non-volatile PROM that holds information
    about the current system configuration, alternate boot paths, and
    other information. Due to insufficient bounds checking on
    arguments passed to the eeprom program, it is possible to
    overwrite the internal stack space of eeprom while it is
    executing. Since eeprom has setgid bin permissions, this
    vulnerability may allow non-privileged users to gain privileged
    access, including root privileges.

SOLUTION

    The vulnerability in eeprom is fixed by the following patches:

        OS version              Patch ID
        ----------              --------
        SunOS 5.5.1             104795-01
        SunOS 5.5               104796-01
        SunOS 5.4               104798-01
        SunOS 5.3               104797-01

    Intel x86 systems do not have the eeprom program and are not
    affected by this vulnerability.
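
    The following check is an added example, not part of the original
    advisory: it maps a SunOS release to the patch listed above and looks
    for it in `showrev -p` output. It assumes a POSIX-style shell (ksh on
    Solaris 2.x) and "Patch: ID-REV ..." lines; the function names and the
    sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the eeprom fix from the advisory's patch table.

# Constructed sample of `showrev -p` output (not captured from a real host).
SAMPLE_SHOWREV='Patch: 999999-02 Obsoletes:  Packages: SUNWexample
Patch: 104795-01 Obsoletes:  Packages: SUNWexample'

# required_patch RELEASE -> prints the base patch ID from the advisory table.
required_patch() {
    case "$1" in
        5.5.1) echo 104795 ;;
        5.5)   echo 104796 ;;
        5.4)   echo 104798 ;;
        5.3)   echo 104797 ;;
        *)     return 1 ;;
    esac
}

# eeprom_patch_status RELEASE ARCH SHOWREV_TEXT
# Prints not-affected, unknown-release, patched or missing.
# Exit status: 0 = ok, 1 = patch missing, 2 = release not in the table.
eeprom_patch_status() {
    release=$1; arch=$2; showrev=$3
    # The advisory states that Intel x86 systems have no eeprom program.
    [ "$arch" = "i386" ] && { echo not-affected; return 0; }
    base=$(required_patch "$release") || { echo unknown-release; return 2; }
    best=0
    while read -r tag id rest; do
        [ "$tag" = "Patch:" ] || continue
        [ "${id%%-*}" = "$base" ] || continue
        rev=${id##*-}
        # Skip malformed revisions; a later revision supersedes -01.
        case "$rev" in ''|*[!0-9]*) continue ;; esac
        [ "$rev" -gt "$best" ] && best=$rev
    done <<EOF
$showrev
EOF
    if [ "$best" -ge 1 ]; then echo patched; return 0; fi
    echo missing; return 1
}

# On a live host:
#   eeprom_patch_status "$(uname -r)" "$(uname -p)" "$(showrev -p)"
```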