COMMAND

    ufsdump/ufsrestore

SYSTEMS AFFECTED

    Solaris 2.6

PROBLEM

    Eugene Bradley found following.   He found overflow  vulnerability
    that  can  be  exploited  to  obtain  root  access.  Both binaries
    produced a SIGSEGV in the tape device arguement when it exceeds  a
    certain fixed length.  To see, do:

        /usr/lib/fs/ufs/ufsdump 1 `perl -e 'print "a" x 2000'`
        /usr/lib/fs/ufs/ufsrestore xf `perl -e 'print "a" x 2000'`

SOLUTION

    This will be fixed in Solaris 2.7.  Temp solution is:

        quackers# chmod ug-s /usr/lib/fs/ufs/ufsdump
        quackers# chmod u-s /usr/lib/fs/ufs/ufsrestore

    Trial binary available for testing.   Sun is currently working  on
    more complete  fix.   If fix  goes on  schedule, it  will be about
    available by the end of June 1998.