Note: This is an archival copy of Security Sun Alert 201153 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000872.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Date of Workaround Release
Date of Resolved Release
A security vulnerability which affects the Xsun(1) and Xprt(1) commands may allow a a local unprivileged user the ability to execute arbitrary code with the privileges of either the Xsun(1) or Xprt(1) command.
Sun acknowledges, with thanks, Eric Sheridan of Towson University for bringing this issue to our attention.
This issue can occur in the following releases:
There are no predictable symptoms that would indicate the described issue has been exploited.
To work around the described issue, remove the setuid(2) and/or setgid(2) bit from Xsun(1) and Xprt(1).
Note: Performing the above procedure will disable the following:
1. The ability to run Xsun on Solaris x86.
2. Power management and Interactive Process Priority control on Solaris SPARC.
3. Xsun(1) and Xprt(1) ability to open Unix domain sockets and named pipe transports in the protected "/tmp/.X11-*" directories.
Note: These features will still be available if Xsun(1) is started via display managers such as dtlogin(1) or gdm(1), however, the system would still be vulnerable to this issue.
This issue is addressed in the following releases:
This solution has no attachment