Sun has released a security patch to fix a vulnerability in Solaris, which could be exploited by a local attacker to gain elevated privileges. This security flaw affects the Xsun(1) and Xprt(1) commands and could allow a local attacker without privileges to run arbitrary code in the security context of these commands (which could have higher system privileges than the attacker).
The vulnerability affects version 7, 8, 9 and 10 of Solaris, in both SPARC and x86 platforms. Sun has released the patch for versions 8, 9 and 10 of Solaris, but the patch for version 7 is still pending.
More information about the vulnerability and the patches are available
in the Sun advisory (document: 101800).