4118295 LC_* can be used to obtain root access from setuid programs
This is already fixed in Solaris 7 and the following patches for
RELEASE ARCH PATCH
5.6 i386 105211-06
5.6 sparc 105210-06
OK, did I miss the later messages on this topic? I've been waiting for a
formal announcement from Sun, or a real patch, or someone to say that this
patch definitely fixes the problem, or SOMETHING...
I don't know what version of patching Peter was talking about, but right
now, I can consistently gain root on my Solaris 7 sparc box, with MU2
applied, using the LC_MESSAGES buffer overflow exploit. And I can
consistently do Bad Things to sh on a Solaris 2.6 box with 105210-19
(its a production machine, I can't actively root it).