37746 - Security vulnerability with sasperm binary in SAS® 9.1.3 SP4 and SAS® 9.2

SUPPORT / SAMPLES & SAS NOTES

Support

Submit a Problem
Update a Problem
Check Problem Status
SAS Administrators
Security Bulletins
License Assistance
Manage My Software Account
Downloads & Hot Fixes
Samples & SAS Notes

Installation Note 37746: Security vulnerability with sasperm binary in SAS® 9.1.3 SP4 and SAS® 9.2

If certain conditions are met, it is possible for a user to escalate privileges to that of the root user by running the sasperm binary in the !SASROOT/utilities/bin directory.

Operating System and Release Information

Product Family	Product	System	SAS Release
Product Family	Product	System	Reported	Fixed*
SAS System	SAS/SHARE	64-bit Enabled AIX	9.1 TS1M3 SP4	9.2 TS2M0
		64-bit Enabled HP-UX	9.1 TS1M3 SP4	9.2 TS2M0
		64-bit Enabled Solaris	9.1 TS1M3 SP4	9.2 TS2M0
		HP-UX IPF	9.1 TS1M3 SP4	9.2 TS2M0
		Linux	9.1 TS1M3 SP4	9.2 TS2M0
		Linux on Itanium	9.1 TS1M3 SP4	9.2 TS2M0
		Solaris for x64	9.1 TS1M3 SP4	9.2 TS2M0
		Tru64 UNIX	9.1 TS1M3 SP4	9.2 TS2M0

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

Type:	Installation Note
Priority:	alert
Topic:	System Administration ==> Security System Administration ==> Security ==> Authentication System Administration ==> Security ==> Identity Management System Administration ==> Security ==> Permissions System Administration ==> Security ==> Roles

Date Modified:	2009-12-16 10:49:31
Date Created:	2009-11-05 18:29:02

Support

Installation Note 37746: Security vulnerability with sasperm binary in SAS® 9.1.3 SP4 and SAS® 9.2

Operating System and Release Information

Follow Us

What is...