[22846] in bugtraq
Re: NSFOCUS SA2001-05 : Solaris Xlock Heap Overflow Vulnerability
daemon@ATHENA.MIT.EDU (David Foster)
Fri Oct 12 18:55:29 2001
Message-Id: <200110122249.PAA11167@dim.ucsd.edu>
Date: Fri, 12 Oct 2001 15:49:42 -0700 (PDT)
From: David Foster <foster@dim.ucsd.edu>
Reply-To: David Foster <foster@dim.ucsd.edu>
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: 5WxSLX3bY6Qi7fPv/XrOAw==
A Solaris 8 patch has been released for the 'xlock'
heap overflow vulnerability (108652-40):
http://sunsolve.sun.com/securitypatch
Sun hasn't released the patches for Solaris 2.6 or 7 yet.
I didn't get notice of the Solaris 8 patch through the usual channels
(Sun security alert or CERT), thought I'd pass this along.
Dave Foster
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
NSFOCUS Security Advisory(SA2001-05)
Topic: Solaris Xlock Heap Overflow Vulnerability
Release Date 2001-08-10
CVE CAN ID : CAN-2001-0652
BUGTRAQ ID : 3160
Affected system:
================
Sun Solaris 2.6 (SPARC/x86)
Sun Solaris 7 (SPARC/x86)
Sun Solaris 8 (SPARC/x86)
Impact:
=========
NSFOCUS Security Team has found a heap buffer overflow vulnerability in the
xlock shipped in Solaris system when handling some environment variables.
Exploitation of it would allow a local attacker to obtain root privilege.
Workaround:
===================
Drop the suid root attribute of xlock:
# chmod a-s /usr/openwin/bin/xlock
Sun's patches to be released for this vulnerability:
SPARC x86
--------- ---------
Solaris 8 108652-38 108653-33
Solaris 7 108376-30 108377-26
Solaris 2.6 105633-60 106248-45
