Note: This is an archival copy of Security Sun Alert 270969 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1021107.1.
Article ID : 1021107.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-12-03
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

A Security Weakness in Solaris Trusted Extensions May Facilitate Privilege Escalation
Category
Security

Release Phase
Resolved

Bug Id
6858547

Product
Solaris 10 Operating System
OpenSolaris

Date of Resolved Release
26-Oct-2009

A security weakness in Solaris Trusted Extensions Policy configuration ...

1. Impact

A security weakness in the Solaris Trusted Extensions Policy configuration
may allow a remote unprivileged user who has access to the X server, whether
authorized or not, to leverage an additional vulnerability, which could lead
to arbitrary code execution as a local privileged or unprivileged user.

2. Contributing Factors

This issue is present in the following releases:

SPARC Platform

  • Solaris 10 without patch 126363-08
  • OpenSolaris based upon builds snv_37 through snv_125

x86 Platform

  • Solaris 10 without patch 126364-08
  • OpenSolaris based upon builds snv_37 through snv_125

Note 1: Solaris 8, Solaris 9 and releases of Solaris 10 prior to
Solaris 10 11/06 do not include Solaris Trusted Extensions and so do
not have this weakness.

Note 2: This issue only impacts Solaris 10 and OpenSolaris systems
which have installed and configured Solaris Trusted Extensions. To
determine if a system is configured with Trusted Extensions, the
following command can be run in the global zone:

    $ svcs /system/labeld
    STATE          STIME    FMRI
    online         10:02:34 svc:/system/labeld:default

If the state is disabled or if the labeld service is not listed,
then the system is not configured to use Trusted Extensions.


3. Symptoms

There are no predictable symptoms that would indicate the described
weakness has been exploited to gain elevated privileges.
4. Workaround

To work around the described issue for the Xorg(1) server, the XTEST extension
may be disabled by adding the following lines to the xorg.conf(4) file:

    Section "Extensions"
        Option "XTEST" "disable"
    EndSection
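The exposure conditions above (labeld online in Note 2, patch level from the Contributing Factors section, and the XTEST workaround) combined into one offline check, as an added example that is not Oracle's tooling. It assumes `showrev -p` output in its "Patch: NNNNNN-RR ..." line format; the sample inputs are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example: offline checks mirroring Sun Alert 270969's exposure conditions.
# Inputs are passed as text so the logic runs anywhere; on a live Solaris 10 host
# feed them from `svcs /system/labeld`, `showrev -p` and /etc/X11/xorg.conf.

# te_configured SVCS_OUTPUT: succeeds if svc:/system/labeld is online
te_configured() {
  printf '%s\n' "$1" | awk '
    $1 == "online" && $3 ~ /^svc:\/system\/labeld/ { found = 1 }
    END { exit found ? 0 : 1 }'
}

# patch_present SHOWREV_OUTPUT BASE MINREV: succeeds if a "Patch: BASE-rr" line
# with revision rr >= MINREV is present (assumed showrev -p format)
patch_present() {
  printf '%s\n' "$1" | awk -v base="$2" -v minrev="$3" '
    $1 == "Patch:" { split($2, p, "-"); if (p[1] == base && p[2] + 0 >= minrev + 0) found = 1 }
    END { exit found ? 0 : 1 }'
}

# xtest_disabled XORG_CONF_TEXT: succeeds only if the XTEST disable option sits
# inside an Extensions section, as the advisory's workaround requires
xtest_disabled() {
  printf '%s\n' "$1" | awk '
    /^[ \t]*Section[ \t]+"Extensions"/ { insec = 1; next }
    /^[ \t]*EndSection/ { insec = 0; next }
    insec && /^[ \t]*Option[ \t]+"XTEST"[ \t]+"disable"/ { found = 1 }
    END { exit found ? 0 : 1 }'
}

# verdict SVCS SHOWREV PATCHBASE XORG_CONF_TEXT
# prints one of: not-applicable | patched | mitigated | exposed
# PATCHBASE is 126363 (SPARC) or 126364 (x86); revision 08 fixes the issue.
verdict() {
  if ! te_configured "$1"; then echo not-applicable
  elif patch_present "$2" "$3" 8; then echo patched
  elif xtest_disabled "$4"; then echo mitigated
  else echo exposed
  fi
}

# Constructed sample inputs (not from a real host)
SVCS_ONLINE='STATE          STIME    FMRI
online         10:02:34 svc:/system/labeld:default'
SHOWREV_OLD='Patch: 126363-07 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWxwplt'
XORG_FIX='Section "Extensions"
    Option "XTEST" "disable"
EndSection'

verdict "$SVCS_ONLINE" "$SHOWREV_OLD" 126363 ""          # exposed
verdict "$SVCS_ONLINE" "$SHOWREV_OLD" 126363 "$XORG_FIX" # mitigated
```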

5. Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 10 with patch 126363-08 or later
  • OpenSolaris based upon builds snv_126 or later

x86 Platform

  • Solaris 10 with patch 126364-08 or later
  • OpenSolaris based upon builds snv_126 or later

For more information on Security Sun Alerts, see


References

126363-08
126364-08
