Software Engineering Institute

Sun Microsystems describes the function of asppls(1M) as follows:

aspppd is the link manager for the asynchronous data link protocol specified in RFC1331, The Point-to-Point Protocol (PPP) for the Transmission of Multi-protocol Datagrams over Point-to-Point Links. It is a user level daemon that works in concert with the IP-Dialup driver (ipdcm) and PPP streams module ( ppp(7M)) to provide IP network services over an analog modem using dialed voice grade telephone lines. The link manager automates the process of connecting to a peer (remote) host when PPP service with that host is required. The connection process can be initiated either by sending an IP datagram to a (disconnected) peer host or by receiving a notification that a peer host desires to establish a connection. aspppls is the login service that connects the peer host machine to aspppd. aspppls is invoked by the serial port monitor when a peer machine logs into a PPP-enabled account. Its purpose is to cause the link manager to accept the incoming call.

A flaw in asppls(1M) allows a local attacker to overwrite or create any file on a Solaris 8 host.

A local attacker may be able to elevate his or her privileges.

Apply a patch.

Workaround

The following workaround is taken from Sun Alert ID: 46903

If asynchronous PPP is not being used at the customer site, the setuid permissions on the aspppls(1M) binary could be removed via the following command run as root:

# chmod u-s /usr/sbin/aspppls

The asynchronous PPP packages could also be removed if asynchronous PPP is not being used via the following command run as root:

# pkgrm SUNWapppr SUNWpppdu