Note: This is an archival copy of Security Sun Alert 200141 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000103.1.

Category: Security
Release Phase: Resolved
4888529
Date of Resolved Release: 04-SEP-2003

Impact

A buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote unprivileged users to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer. This could be exploited, for example, by a user opening a malicious theme. Additional information is available at:

Note: Window Maker is an X11 window manager which emulates the look and feel of the NeXTSTEP graphical user interface.
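
The following C sketch is an added illustration of the bug class described under Impact, not code from Window Maker or from Sun. The advisory does not give the exact flaw, so the example assumes one common case: file-supplied width and height are multiplied in 32-bit arithmetic, the product wraps, and the buffer is allocated too small. The function names and the MAX_DIM limit are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed policy limit on either dimension; not taken from the advisory. */
#define MAX_DIM 16384u

/* Unchecked form: the product is computed in 32 bits and silently wraps,
 * so a huge image can yield a tiny allocation size. */
uint32_t unchecked_image_size(uint32_t width, uint32_t height, uint32_t channels)
{
    return width * height * channels;
}

/* Checked form: reject zero or oversized dimensions, then verify each
 * multiplication against SIZE_MAX before performing it.
 * Returns 0 and stores the byte count in *out, or -1 if rejected. */
int checked_image_size(uint32_t width, uint32_t height, uint32_t channels,
                       size_t *out)
{
    if (width == 0 || height == 0 || channels == 0 || channels > 4)
        return -1;
    if (width > MAX_DIM || height > MAX_DIM)
        return -1;

    size_t pixels = (size_t)width;
    if (pixels > SIZE_MAX / height)      /* width * height would overflow */
        return -1;
    pixels *= height;
    if (pixels > SIZE_MAX / channels)    /* pixels * channels would overflow */
        return -1;

    *out = pixels * channels;
    return 0;
}

/* Allocate a zeroed pixel buffer only when the header values pass the
 * checks; the caller must treat NULL as "reject this image". */
unsigned char *alloc_image(uint32_t width, uint32_t height, uint32_t channels)
{
    size_t nbytes;
    if (checked_image_size(width, height, channels, &nbytes) != 0)
        return NULL;
    return calloc(1, nbytes);
}
```
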

Contributing Factors

This issue can occur in the following releases:

Sun Linux Platform

The Window Maker version can be identified by executing the command "rpm -q WindowMaker".

Note: Sun Linux 5.0 is currently shipped with the Sun LX50 Server.

Symptoms

There are no predictable symptoms that would show the described issue has been exploited.

Workaround

To work around the described issue, disable Window Maker by removing execute and all other permissions from the "/usr/bin/wmaker" file.

To remove permissions:

    # chmod 000 /usr/bin/wmaker

To restore permissions:

    # chmod 755 /usr/bin/wmaker

Resolution

This issue is addressed in the following releases:

Sun Linux Platform

Sun Linux patches for this issue are available at: http://sunsolve.sun.com/patches/linux/security.html.

Modification History

Date: 04-SEP-2003

Product: Sun Linux 5.0

Attachments: This solution has no attachment