COMMAND

    sysdef

SYSTEMS AFFECTED

    SunOS 5.5.1, 5.5.1_x86, 5.5, 5.5_x86, 5.4, 5.4_x86, 5.3

PROBLEM

    The sysdef command displays the current system definition, listing
    hardware  devices,  pseudo   devices,  system  devices,   loadable
    modules, and  values of  selected kernel  tunable parameters. This
    vulnerability,  if  exploited,  allows  unprivileged users to read
    kernel  memory  which  may  contain  sensitive information such as
    unencrypted  passwords.   Attackers   can  subsequently  use   the
    information to gain root access.

SOLUTION

    The vulnerability is fixed in  Solaris 2.6.  The vulnerability  in
    sysdef is fixed by the following patches:

        OS version          Patch ID
        __________          ________
        SunOS 5.5.1         105092-01
        SunOS 5.5.1_x86     105093-01
        SunOS 5.5           105101-01
        SunOS 5.5_x86       105102-01
        SunOS 5.4           105099-01
        SunOS 5.4_x86       105100-01
        SunOS 5.3           105205-01