COMMAND

    /usr/bin/solstice

SYSTEMS AFFECTED

    Solaris 2.5

PROBLEM

    /usr/bin/solstice is a program launcher under Solaris 2.5.
    Unfortunately, for some reason, it is distributed set-gid bin,
    and politely launches any programs without revoking this.

    Exploit:

    (ignore any warnings/errors along the way)
    /usr/bin/solstice
    click Launcher
    click Add Applications
    fill in any arbitrary things for the fields, stick in the program
    you want to run as setgid bin (or create a sgid shell), then click
    on the icon which appears with your app name.

SOLUTION

    The vulnerabilities relating to AdminSuite 2.1 and 2.2 are fixed
    by the following patches:

    AdminSuite version  Patch ID
    ------------------  --------
        2.1 (sparc)     103235-08
        2.1 (x86)       103236-08
        2.2 (sparc)     103502-04
        2.2 (x86)       103503-03
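
    The flaw described under PROBLEM is a set-gid launcher that runs
    user-chosen programs without first giving up group bin. The C
    code below is an added example, not Sun's code or the content of
    the patches; it shows how a launcher can revoke the set-gid group
    before exec. The function names are assumptions made for this
    example.

```c
/* Added example (not Sun's code): drop set-gid privilege before exec. */
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently set the effective and saved gid to the real gid.
 * Returns 0 on success, -1 if the privilege was not fully dropped. */
int drop_group_privilege(void)
{
    gid_t real = getgid();
    gid_t old_eff = getegid();

    if (setregid(real, real) != 0)
        return -1;
    if (getegid() != real)
        return -1;
    /* If the old effective gid can be regained, the drop was not permanent. */
    if (old_eff != real && setegid(old_eff) == 0)
        return -1;
    return 0;
}

/* Fork, drop the set-gid group in the child, then exec argv[0].
 * Returns the child's exit status, or -1 on fork/wait failure. */
int launch_unprivileged(char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_group_privilege() != 0)
            _exit(126);          /* refuse to run with inherited privilege */
        execv(argv[0], argv);
        _exit(127);              /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char *const argv[] = { "/bin/sh", "-c", "exit 0", NULL };
    return launch_unprivileged(argv) == 0 ? 0 : 1;
}
```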