Bugtraq mailing list archives

Re: NSFOCUS SA2001-05 : Solaris Xlock Heap Overflow Vulnerability


From: David Foster <foster () dim ucsd edu>
Date: Fri, 12 Oct 2001 15:49:42 -0700 (PDT)


A Solaris 8 patch has been released for the 'xlock' 
heap overflow vulnerability (108652-40):

        http://sunsolve.sun.com/securitypatch
        
Sun hasn't released the patches for Solaris 2.6 or 7 yet.

I didn't get notice of the Solaris 8 patch through the usual channels 
(Sun security alert or CERT), so I thought I'd pass this along.

Dave Foster


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
NSFOCUS Security Advisory(SA2001-05)

Topic:  Solaris Xlock Heap Overflow Vulnerability

Release Date: 2001-08-10

CVE CAN ID : CAN-2001-0652
BUGTRAQ ID : 3160

Affected system:
================

  Sun Solaris 2.6 (SPARC/x86)
  Sun Solaris 7   (SPARC/x86) 
  Sun Solaris 8   (SPARC/x86) 

Impact: 
=========

NSFOCUS Security Team has found a heap buffer overflow vulnerability in the 
xlock shipped with Solaris systems when handling some environment variables. 
Exploitation of it would allow a local attacker to obtain root privilege.

Workaround:
===================

Drop the suid root attribute of xlock:

# chmod a-s /usr/openwin/bin/xlock

Sun's patches to be released for this vulnerability:

                SPARC           x86
                ---------       ---------
  Solaris 8     108652-38       108653-33
  Solaris 7     108376-30       108377-26
  Solaris 2.6   105633-60       106248-45
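
An added example (not part of the advisory or of the post above): a small sh audit for the workaround and the patch table. It assumes `showrev -p` prints lines of the form `Patch: <id>-<rev> ...`; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Audit helpers for the xlock advisory: patch level and setuid workaround.
# Minimum patch revisions are copied from the advisory's table.
min_patch() {  # $1 = release (2.6|7|8), $2 = arch (sparc|x86)
  case "$1/$2" in
    8/sparc)   echo 108652-38 ;;  8/x86)   echo 108653-33 ;;
    7/sparc)   echo 108376-30 ;;  7/x86)   echo 108377-26 ;;
    2.6/sparc) echo 105633-60 ;;  2.6/x86) echo 106248-45 ;;
    *) return 1 ;;
  esac
}

# Print the highest installed revision of patch base $1 (stdin: showrev -p output).
installed_rev() {
  awk -v base="$1" '$1 == "Patch:" { split($2, p, "-")
        if (p[1] == base && p[2] + 0 > max) max = p[2] + 0 }
      END { if (max) print max; else exit 1 }'
}

# Succeed if stdin lists patch $1 (base-rev) at that revision or a later one.
is_patched() {
  need_base=${1%-*}; need_rev=${1#*-}
  have=$(installed_rev "$need_base") || return 1
  [ "$have" -ge "$need_rev" ]
}

# Succeed if file $1 still has a setuid or setgid bit (workaround not applied).
has_setid() {
  [ -u "$1" ] || [ -g "$1" ]
}

# Constructed sample of showrev -p output (not from a real host).
SAMPLE='Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: PKGNAME
Patch: 108652-35 Obsoletes:  Requires:  Incompatibles:  Packages: PKGNAME
Patch: 108652-40 Obsoletes:  Requires:  Incompatibles:  Packages: PKGNAME'

# On a host:
#   showrev -p | is_patched "$(min_patch 8 sparc)" || echo "xlock patch missing"
#   has_setid /usr/openwin/bin/xlock && echo "xlock still setuid/setgid"
```
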


