Note: This is an archival copy of Security Sun Alert 201777 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001316.1.
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Date of Workaround Release
Date of Resolved Release
An unprivileged, local user might setup a scenario so that under certain circumstances an XView application on exit corrupts a system or user file.
Only files for which the exiting XView application has modify permission (based only on the applications current user/group ID and file permissions) are at risk. Therefore, XView applications running with root access rights under certain circumstances pose a risk to system files if no counter measures are taken (please see the "Workaround" section below).
This issue can occur in the following releases:
The exploit might only happen when an XView application exits. In addition, the exiting XView application must have a text subwindow that owns the clipboard selection. An application "owns" the clipboard selection if it is the application that most recently has copied text to the clipboard (e.g. by using the "Copy" key).
To check if an application is an XView application, the "ldd" command might be used. In the resulting output, a line listing "libxview.so" would indicate an XView application.
The issue described in this document can only be exploited by users already having an account on the affected system.
There are no direct symptoms that would show the described issue has been exploited on a system.
As a possible workaround, users (and especially users running XView applications with root user privileges) should insure that before exiting an XView application, another application owns the clipboard selection. This can be achieved by copying text from another application to the clipboard (e.g. by using the "Copy" key).
This issue is addressed in the following releases:
Note: Solaris 2.5, 2.5.1 and 2.6 require an upgrade to Solaris 7 or later with installation of the associated patch to address this issue.
This solution has no attachment