Solaris Xsun Buffer Overrun Vulnerability
BID:1140
Info
Solaris Xsun Buffer Overrun Vulnerability
| Bugtraq ID: | 1140 |
| Class: | Unknown |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 24 2000 12:00AM |
| Updated: | Apr 24 2000 12:00AM |
| Credit: | This vulnerability was posted to the Bugtraq mailing list by Theodor Ragnar Gislason <[email protected]> on April 24, 2000. |
| Vulnerable: |
Sun Solaris 8_x86 Sun Solaris 8_sparc Sun Solaris 7.0_x86 Sun Solaris 7.0 |
| Not Vulnerable: | |
Exploit / POC
Solaris Xsun Buffer Overrun Vulnerability
Exploit available:
Exploit available:
Solution / Fix
Solaris Xsun Buffer Overrun Vulnerability
Solution:
Patches have been made available on SunSolve for Solaris 8, sparc and x86. They are currently only for contract customers. Presumably, Solaris 7 patches are forthcoming, and will also be available at SunSolve. Due to the nature of this vulnerability, these patches should be made public shortly. Patches for this, and other vulnerabilities in Sun products are available at http://sunsolve.sun.com
Removal of the setgid bit on the binary does not seem to have any noticeable negative effects, and will eliminate this vulnerability, on the Sparc platform. It will disable the ability of the Xserver to manage display power and adjust the priority of processes in the "IA" class (allowing the window in the foreground to have an elevated priority). Running under xdm, with the setgid bit removed, will re-enable this feature.
x86 users may find that they need Xsun to run as root in order to access the video device. In this case, a suitable solution is to remove the setuid bit, and launch X only via the dtlogin program, or xdm. dtconfig -e will enable this.
Sun Solaris 7.0_x86
Sun Solaris 7.0
Sun Solaris 8_x86
Sun Solaris 8_sparc
Solution:
Patches have been made available on SunSolve for Solaris 8, sparc and x86. They are currently only for contract customers. Presumably, Solaris 7 patches are forthcoming, and will also be available at SunSolve. Due to the nature of this vulnerability, these patches should be made public shortly. Patches for this, and other vulnerabilities in Sun products are available at http://sunsolve.sun.com
Removal of the setgid bit on the binary does not seem to have any noticeable negative effects, and will eliminate this vulnerability, on the Sparc platform. It will disable the ability of the Xserver to manage display power and adjust the priority of processes in the "IA" class (allowing the window in the foreground to have an elevated priority). Running under xdm, with the setgid bit removed, will re-enable this feature.
x86 users may find that they need Xsun to run as root in order to access the video device. In this case, a suitable solution is to remove the setuid bit, and launch X only via the dtlogin program, or xdm. dtconfig -e will enable this.
Sun Solaris 7.0_x86
Sun Solaris 7.0
Sun Solaris 8_x86
Sun Solaris 8_sparc