===================================================================== CERT-Renater Note d'Information No. 2006/VULN113 _____________________________________________________________________ DATE : 29/03/2006 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Sun Grid Engine/N1 Grid Engine. ====================================================================== Sun(sm) Alert Notification * Sun Alert ID: 102268 * Synopsis: Security Vulnerability in Sun Grid Engine/N1 Grid Engine rsh(1) Binary * Category: Security * Product: Sun N1 Grid Engine 6, Sun Grid Engine 5.3 * BugIDs: 6366691 * Avoidance: Patch * State: Resolved * Date Released: 27-Mar-2006 * Date Closed: 27-Mar-2006 * Date Modified: 1. Impact A security vulnerability in the Sun Grid Engine 5.3/N1 Grid Engine 6.0 rsh(1) binary may allow a local unprivileged user the ability to gain unauthorized root access. 2. Contributing Factors This issue can occur in the following releases: SPARC Platform * Sun Grid Engine 5.3 (32-bit Solaris) without patch 113136-06 * Sun Grid Engine 5.3 (64-bit Solaris) without patch 113137-06 * Sun Grid Engine 5.3 (32-bit Solaris) NON-Solaris Package format without patch 113849-06 * Sun Grid Engine 5.3 (64-bit Solaris) NON-Solaris Package format without patch 113850-06 * Sun Grid Engine Enterprise Edition 5.3 (32-bit Solaris) without patch 113139-07 * Sun Grid Engine Enterprise Edition 5.3 (64-bit Solaris) without patch 113140-07 * Sun Grid Engine Enterprise Edition 5.3 (32-bit Solaris) NON-Solaris Package format without patch 113855-06 * Sun Grid Engine Enterprise Edition 5.3 (64-bit Solaris) NON-Solaris Package format without patch 113856-06 * N1 Grid Engine 6.0 (32-bit Solaris) without patch 121956-01 * N1 Grid Engine 6.0 (64-bit Solaris) without patch 121957-01 * N1 Grid Engine 6.0 (32-bit Solaris) NON-Solaris Package format without patch 121960-01 * N1 Grid Engine 6.0 (64-bit Solaris) NON-Solaris Package format without patch 121961-01 x86 Platform * Sun Grid Engine 5.3 without patch 113138-07 * Sun Grid Engine 5.3 NON-Solaris Package format without patch 113851-06 * Sun Grid Engine Enterprise Edition 5.3 without patch 116658-03 * Sun Grid Engine Enterprise Edition 5.3 NON-Solaris Package format without patch 116659-03 * N1 Grid Engine 6.0 without patch 121958-01 * N1 Grid Engine 6.0 NON-Solaris Package format without patch 121962-01 * N1 Grid Engine 6.0 (x64) without patch 121959-01 * N1 Grid Engine 6.0 (x64) NON-Solaris Package format without patch 121963-01 Linux * Sun Grid Engine 5.3 without patch 113852-06 * Sun Grid Engine Enterprise Edition 5.3 without patch 113900-05 * Sun Grid Engine Enterprise Edition 5.3 (x64) without patch 117293-02 * N1 Grid Engine 6.0 without patch 121964-01 * N1 Grid Engine 6.0 (x64) without patch 121965-01 Windows * N1 Grid Engine 6.0 without patch 121971-01 HP-UX * N1 Grid Engine 6.0 without patch 121969-01 AIX * N1 Grid Engine 6.0 (for AIX 4.3) without patch 121966-01 * N1 Grid Engine 6.0 (for AIX 5.1) without patch 121967-01 MAC OS * N1 Grid Engine 6.0 without patch 121968-01 IRIX * N1 Grid Engine 6.0 (for IRIX 6.5) without patch 121970-01 3. Symptoms There are no predictable symptoms that would indicate the above described issues have been exploited. 4. Relief/Workaround To work around the described issue, configure ssh(1) as transport for "qrsh" and delete "$SGE_ROOT/utilbin/*/rsh". See: http://gridengine.sunsource.net/howto/qrsh_qlogin_ssh.html 5. Resolution This issue is addressed in the following releases: SPARC Platform * Sun Grid Engine 5.3 (32-bit Solaris) with patch 113136-06 or later * Sun Grid Engine 5.3 (64-bit Solaris) with patch 113137-06 or later * Sun Grid Engine 5.3 (32-bit Solaris) NON-Solaris Package format with patch 113849-06 or later * Sun Grid Engine 5.3 (64-bit Solaris) NON-Solaris Package format with patch 113850-06 or later * Sun Grid Engine Enterprise Edition 5.3 (32-bit Solaris) with patch 113139-07 or later * Sun Grid Engine Enterprise Edition 5.3 (64-bit Solaris) with patch 113140-07 or later * Sun Grid Engine Enterprise Edition 5.3 (32-bit Solaris) NON-Solaris Package format with patch 113855-06 or later * Sun Grid Engine Enterprise Edition 5.3 (64-bit Solaris) NON-Solaris Package format with patch 113856-06 or later * N1 Grid Engine 6.0 (32-bit Solaris) with patch 121956-01 or later * N1 Grid Engine 6.0 (64-bit Solaris) with patch 121957-01 or later * N1 Grid Engine 6.0 (32-bit Solaris) NON-Solaris Package format with patch 121960-01 or later * N1 Grid Engine 6.0 (64-bit Solaris) NON-Solaris Package format with patch 121961-01 or later x86 Platform * Sun Grid Engine 5.3 with patch 113138-07 or later * Sun Grid Engine 5.3 NON-Solaris Package format with patch 113851-06 or later * Sun Grid Engine Enterprise Edition 5.3 with patch 116658-03 or later * Sun Grid Engine Enterprise Edition 5.3 NON-Solaris Package format with patch 116659-03 or later * N1 Grid Engine 6.0 with patch 121958-01 or later * N1 Grid Engine 6.0 NON-Solaris Package format with patch 121962-01 or later * N1 Grid Engine 6.0 (x64) with patch 121959-01 or later * N1 Grid Engine 6.0 (x64) NON-Solaris Package format with patch 121963-01 or later Linux * Sun Grid Engine 5.3 with patch 113852-06 or later * Sun Grid Engine Enterprise Edition 5.3 with patch 113900-05 or later * Sun Grid Engine Enterprise Edition 5.3 (x64) with patch 117293-02 or later * N1 Grid Engine 6.0 with patch 121964-01 or later * N1 Grid Engine 6.0 (x64) with patch 121965-01 or later Windows * N1 Grid Engine 6.0 with patch 121971-01 or later HP-UX * N1 Grid Engine 6.0 with patch 121969-01 or later AIX * N1 Grid Engine 6.0 (for AIX 4.3)with patch 121966-01 or later * N1 Grid Engine 6.0 (for AIX 5.1)with patch 121967-01 or later MAC OS * N1 Grid Engine 6.0 with patch 121968-01 or later IRIX * N1 Grid Engine 6.0 (for IRIX 6.5) with patch 121970-01 or later Note: Sun provides support for Sun Grid Engine 5.3 on Solaris and Linux platforms only. For other platforms, binaries fixing this issue are provided as a courtesy on an "AS IS" basis at: * http://gridengine.sunsource.net/download.html This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements. Copyright 2000-2006 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================