Buffer Overflow Vulnerability in libX11

Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System

Bug Id
6450316

Date of Resolved Release
07-SEP-2006

Impact

A buffer overflow vulnerability in libX11 may allow local unprivileged users to be able to execute arbitrary code or commands with elevated privileges. The code or commands executed would run with the privileges of the application dynamically linked to the libX11 library. A number of programs shipped in Solaris and by third parties dynamically link with the libX11 library and run with elevated privileges.

Sun acknowledges with thanks, RISE Security, for bringing this issue to our attention.

This issue is also referenced in: http://www.risesecurity.org/advisory/RISE-2006001.txt

Contributing Factors

This issue can occur in the following releases:

SPARC Platform

Solaris 8 without patch 119067-03
Solaris 9 without patch 112785-56
Solaris 10 without patch 119059-16

x86 Platform

Solaris 8 without patch 119068-03
Solaris 9 without patch 112786-45
Solaris 10 without patch 119060-15

Symptoms

There are no predictable symptoms that would indicate the described vulnerability has been exploited to execute arbitrary code on a system.

Workaround

To work around the described issue, remove setuid(2) and setgid(2) privileges from all programs that link with libX11.so.4.

Note: This may break the ability of these programs to perform their functions.

Resolution

This issue is addressed in the following releases:

SPARC Platform

Solaris 8 with patch 119067-03 or later

Solaris 9 with patch 112785-56 or later

Solaris 10 with patch 119059-16 or later

x86 Platform

Solaris 8 with patch 119068-03 or later

Solaris 9 with patch 112786-45 or later

Solaris 10 with patch 119060-15 or later

References
119059-16
119060-15
112785-56
112786-45
119067-03
119068-03

Attachments
This solution has no attachment