[SA19426] Sun Solaris Process Environment Disclosure Security Issue

TITLE:
Sun Solaris Process Environment Disclosure Security Issue

SECUNIA ADVISORY ID:
SA19426

VERIFY ADVISORY:
http://secunia.com/advisories/19426/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
Local system

OPERATING SYSTEM:
Sun Solaris 9
http://secunia.com/product/95/
Sun Solaris 8
http://secunia.com/product/94/

DESCRIPTION:
A security issue has been reported in Solaris, which can be exploited
by malicious, local users to gain knowledge of potentially sensitive
information.

The security issue is caused due to the "/usr/ucb/ps" command
revealing the environment variables and values of all processes to an
unprivileged user when run with the "-e" option. This can potentially
reveal certain information of processes that belong to the root
user.

The security issue has been reported in Solaris 8 and 9 on both the
x86 and SPARC platforms.

SOLUTION:
Apply patches.

– SPARC Platform –

Solaris 8:
Apply patch 109023-05 or later.

Solaris 9:
Apply patch 120240-01 or later.

– x86 Platform –

Solaris 8:
Apply patch 109024-05 or later.

Solaris 9:
Apply patch 120239-01 or later,

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102215-1

---

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.