[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 799/06 - Sun Alert Notification: Sun Alert ID: 102739 - Certain Solaris 10 Patches May Cause



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------------------------
       UNIRAS (UK Government CERT) Briefing - 799/06 Dated 04.12.06 Time 11:30  

UNIRAS is part of NISCC (the UK National Infrastructure Security  Co-ordination Centre)
---------------------------------------------------------------------------------------
 	UNIRAS material is available from the NISCC website at www.niscc.gov.uk
---------------------------------------------------------------------------------------

Title
=====

Sun Alert Notification: Sun Alert ID: 102739 - Certain Solaris 10 Patches May Cause 
usermod(1M) and Related Commands to Terminate With an Error

Detail
======

Installation of certain Solaris 10 patches as listed in section 2.
below may cause the following commands to fail.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             

                        ESB-2006.0882 -- [Solaris]
       Certain Solaris 10 Patches May Cause usermod(1M) and Related
                    Commands to Terminate With an Error
                              4 December 2006

===========================================================================

      

Product:              useradd
                      usermod
                      userdel
                      roleadd
                      rolemod
                      roledel
                      groupadd
                      groupmod
                      groupdel
Publisher:            Sun Microsystems
Operating System:     Solaris 10
Impact:               Denial of Service
Access:               Existing Account

Original Bulletin:
  http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102739-1

- - --------------------------BEGIN INCLUDED TEXT--------------------

Sun(sm) Alert Notification
     * Sun Alert ID: 102739
     * Synopsis: Certain Solaris 10 Patches May Cause usermod(1M) and
       Related Commands to Terminate With an Error
     * Category: Availability
     * Product: Solaris 10 Operating System
     * BugIDs: 6489363
     * Avoidance: Workaround
     * State: Workaround
     * Date Released: 01-Dec-2006
     * Date Closed: 
     * Date Modified: 

1. Impact

   Installation of certain Solaris 10 patches as listed in section 2.
   below may cause the following commands to fail.

  useradd(1M)
  usermod(1M)
  userdel(1M)
  roleadd(1M)
  rolemod(1M)
  roledel(1M)
  groupadd(1M)
  groupmod(1M)
  groupdel(1M)

   This issue is due to these patches requiring a version of the Kernel
   patch which is not yet available.

2. Contributing Factors

   This issue occurs on the following releases:

   SPARC Platform
     * Solaris 10 with patch 120050-03 or 120050-04

   x86 Platform
     * Solaris 10 with patch 120051-03 or 120051-04

   Note: Solaris 8 and 9 are not impacted by this issue.

3. Symptoms

   When any of the affected commands are used, an error similar to the
   following will be seen:
  ld.so.1: useradd: fatal: libc.so.1: version `SUNW_1.22.2' not found (required by file /usr/sbin/useradd)
  ld.so.1: useradd: fatal: libc.so.1: open failed: No such file or directory
  Killed

   This applies to these commands:

  /usr/sbin/useradd
  /usr/sbin/usermod
  /usr/sbin/userdel
  /usr/sbin/roleadd
  /usr/sbin/rolemod
  /usr/sbin/roledel
  /usr/sbin/groupadd
  /usr/sbin/groupmod
  /usr/sbin/groupdel

   The error text is the same for all commands, except for the command
   name shown in the error. 

4. Relief/Workaround

   To avoid this issue, do not install the affected patches listed in
   section 2.

   If these patches have been installed, they can be backed out using
   patchrm(1M).

5. Resolution

   A final resolution is pending completion.

   This Sun Alert notification is being provided to you on an "AS IS"
   basis. This Sun Alert notification may contain information provided by
   third parties. The issues described in this Sun Alert notification may
   or may not impact your system(s). Sun makes no representations,
   warranties, or guarantees as to the information contained herein. ANY
   AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
   WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
   NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
   YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
   INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
   OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
   This Sun Alert notification contains Sun proprietary and confidential
   information. It is being provided to you pursuant to the provisions of
   your agreement to purchase services from Sun, or, if you do not have
   such an agreement, the Sun.com Terms of Use. This Sun Alert
   notification may only be used for the purposes contemplated by these
   agreements.

   Copyright 2000-2006 Sun Microsystems, Inc., 4150 Network Circle, Santa
   Clara, CA 95054 U.S.A. All rights reserved

- - --------------------------END INCLUDED TEXT--------------------


iQCVAwUBRXN5VSh9+71yA2DNAQK5fwP+NjkPUHHWNldKbcTzxvK8+fu6phxRb4Fd
Z4XbNES0dd76avIZbbhT4At9OW6CXXf6sJYdIbkoUyuR5LG2yCE2OHmStMshl/Vk
XYaFyUIT3tHJwv2V2sUQMEjKvitPcZ4epOod/Qx2uCJROoTQmM5KRPVu3yJ83phX
6MJBBwkCBlw=
=bwL6
- -----END PGP SIGNATURE-----



- ---------------------------------------------------------------------------------------
NISCC values your feedback.

1. Which of the following most reflects the value of the briefing to you?
   (Place an 'X' next to your choice)

	Very useful:__ Useful:__ Not useful:__ 

2. If you did not find it useful, why not?


3. Any other comments? How could we improve our briefings?


Thank you for your contribution.
- ---------------------------------------------------------------------------------------

For additional information or assistance, please contact our help desk by telephone.  
You may send Not Protectively Marked information via e-mail to uniras@xxxxxxxxxxxxx

Office hours:

Mon - Fri: 08:30 - 17:00 hours
Tel: +44 (0) 870 487 0748 and follow the voice prompts
Fax: +44 (0) 870 487 0749

On-call duty officer outside office hours:
Tel: +44 (0) 870 487 0748 and follow the voice prompts

- ---------------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Sun for the information contained 

in this briefing.
- ---------------------------------------------------------------------------------------

This notice contains information released by the original author. Some of the 
information may have changed since it was released. If the vulnerability affects you, 
it may be prudent to retrieve the advisory from the site of the original source to 
ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade name, 
trademark manufacturer, or otherwise, does not constitute or imply its endorsement, 
recommendation, or favouring by UNIRAS or NISCC. The views and opinions of authors 
expressed within this notice shall not be used for advertising or product endorsement 
purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors or omissions 
contained within this briefing notice. In particular, they shall not be liable for 
any loss or damage whatsoever, arising from or in connection with the usage of 
information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) and has 
contacts with other international Incident Response Teams (IRTs) in order to foster 
cooperation and coordination in incident prevention, to prompt rapid reaction to 
incidents, and to promote information sharing amongst its members and the community at 
large.
- ---------------------------------------------------------------------------------------
<End of UNIRAS Briefing>



-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBRXQGFml7oeQsXfKvEQLNxACfVocSSE8/Co3WPiv5bKuK0yRC9ksAn3YR
xoGgbBA+2BR0ZL7fZQIwyUXO
=nTw1
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________