Note: This is an archival copy of Security Sun Alert 200141 as previously published on
Latest version of this security advisory is available from as Sun Alert 1000103.1.
Article ID : 1000103.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-24
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Sun Linux 5.0 Buffer Overflow in Window Maker 0.80.0 and Earlier


Release Phase

Bug Id

Date of Resolved Release


A buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote unprivileged users to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer. This could be exploited, for example, by a user opening a malicious theme.

Additional information is available at:

Note: Window Maker is an X11 window manager which emulates the look and feel of the NeXTSTEP graphical user interface.

Contributing Factors

This issue can occur in the following releases:

Sun Linux Platform

  • Sun Linux 5.0 with Window Maker versions 0.65.0 or earlier

The Window Maker version can be identified by executing the command "rpm -q WindowMaker".

Note: Sun Linux 5.0 is currently shipped with the Sun LX50 Server.


There are no predictable symptoms that would show the described issue has been exploited.


To work around the described issue, disable the Window Maker by removing executable and all other permissions from the "/usr/bin/wmaker" file:

To remove permissions:

	# chmod 000 /usr/bin/wmaker

To restore permissions:

	# chmod 755 /usr/bin/wmaker


This issue is addressed in the following releases:

Sun Linux Platform

  • Sun Linux 5.0 with Window Maker versions 0.65.1-42 or later

Sun Linux patches for this issue are available at:

Modification History
Date: 04-SEP-2003
  • State: Resolved
  • Updated Contributing Factors and Resolution sections

Sun Linux 5.0

This solution has no attachment