Note: This is an archival copy of Security Sun Alert 201742 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001282.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
4915967, 6502073, 6504408
Date of Workaround Release
Date of Resolved Release
Multiple security vulnerabilities in the X Font Server (xfs(1)) and the X Render and DBE extensions, which are part of the X11 servers Xsun(1) and Xorg(1), may allow a local or remote unprivileged user to elevate their privileges to root and execute arbitrary code resulting in memory corruption or a Denial of Service (DoS) condition.
These issues are described in the following documents:
CVE-2003-0730 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0730
CVE-2006-6101 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6101
CVE-2006-6102 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6102
CVE-2006-6103 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6103
iDefense Multiple Vendor X Server Render Extension ProcRenderAddGlyphs Memory Corruption Vulnerability at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=463
iDefense Multiple Vendor X Server DBE Extension ProcDbeGetVisualInfo Memory Corruption Vulnerability at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=464
iDefense Multiple Vendor X Server DBE Extension ProcDbeSwapBuffers Memory Corruption Vulnerability at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=465
These issues can occur in the following releases:
Note: The Xorg(1) X11 server is only affected by BugID 6504408. The Xsun(1) X11 server is affected by BugsIDs 4915967 and 6502073.
There are no predictable symptoms that would indicate the described issues have been exploited.
This workaround is applicable on the x86 platform running Xorg(1) server:
In the "xorg.conf" file, located in "/etc/X11", remove the following lines from the "Module" section:
Load "render" Load "dbe"
Note: This will prevent the Render and the DBE extension from loading, which may affect the appearance or operation of some applications.
BugID 4915967 is fixed in the Solaris 9 patch revisions 112785-59 and 112786-48, and in the Solaris 10 patch revisions 119059-16 and 119060-15.
This issue is addressed in the following releases:
This solution has no attachment