Installation Note 37746: Security vulnerability with sasperm binary in SAS® 9.1.3 SP4 and SAS® 9.2
 |  |  |  |  |
If certain conditions are met, it is possible for a user to escalate privileges to that of the root user by running the sasperm binary in the !SASROOT/utilities/bin directory.
Operating System and Release Information
| Product Family | Product | System | SAS Release | |
| Reported | Fixed* | |||
| SAS System | SAS/SHARE | 64-bit Enabled AIX | 9.1 TS1M3 SP4 | 9.2 TS2M0 |
| 64-bit Enabled HP-UX | 9.1 TS1M3 SP4 | 9.2 TS2M0 | ||
| 64-bit Enabled Solaris | 9.1 TS1M3 SP4 | 9.2 TS2M0 | ||
| HP-UX IPF | 9.1 TS1M3 SP4 | 9.2 TS2M0 | ||
| Linux | 9.1 TS1M3 SP4 | 9.2 TS2M0 | ||
| Linux on Itanium | 9.1 TS1M3 SP4 | 9.2 TS2M0 | ||
| Solaris for x64 | 9.1 TS1M3 SP4 | 9.2 TS2M0 | ||
| Tru64 UNIX | 9.1 TS1M3 SP4 | 9.2 TS2M0 | ||
A fix for this issue for Base SAS 9.21_M1 is available at:
http://ftp.sas.com/techsup/download/hotfix/HF2/A50.html#37746| Type: | Installation Note |
| Priority: | alert |
| Topic: | System Administration ==> Security System Administration ==> Security ==> Authentication System Administration ==> Security ==> Identity Management System Administration ==> Security ==> Permissions System Administration ==> Security ==> Roles |
| Date Modified: | 2009-12-16 10:49:31 |
| Date Created: | 2009-11-05 18:29:02 |