TITLE: Sun Solaris Process Environment Disclosure Security Issue SECUNIA ADVISORY ID: SA19426 VERIFY ADVISORY: http://secunia.com/advisories/19426/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: Local system OPERATING SYSTEM: Sun Solaris 9 http://secunia.com/product/95/ Sun Solaris 8 http://secunia.com/product/94/ DESCRIPTION: A security issue has been reported in Solaris, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information. The security issue is caused due to the "/usr/ucb/ps" command revealing the environment variables and values of all processes to an unprivileged user when run with the "-e" option. This can potentially reveal certain information of processes that belong to the root user. The security issue has been reported in Solaris 8 and 9 on both the x86 and SPARC platforms. SOLUTION: Apply patches. -- SPARC Platform -- Solaris 8: Apply patch 109023-05 or later. Solaris 9: Apply patch 120240-01 or later. -- x86 Platform -- Solaris 8: Apply patch 109024-05 or later. Solaris 9: Apply patch 120239-01 or later, PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102215-1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------