Note: This is an archival copy of Security Sun Alert 201650 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001229.1.
Article ID : 1001229.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2005-05-08
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

libXpm Security Vulnerabilities Affect the Motif Library (libXm)



Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id
5086486, 6175145

Date of Workaround Release
08-OCT-2004

Date of Resolved Release
09-MAY-2005

Impact

Several security vulnerabilities have been reported in the X Pixmap (libXpm) library. They also affect the Motif library (libXm) shipped with Solaris and with JDS for Linux, because libXm includes a copy of the affected libXpm routines. These vulnerabilities may allow a remote unprivileged user to execute arbitrary code with the privileges of a local user, if that user loads an X Pixmap (.xpm) format image file from an untrusted source with an application that is linked with the Motif library (libXm).

Note: The Motif library (libXm) can be used to manipulate and display small images in Motif applications.

This issue is also described in the following documents:

Chris Evans Security Advisory (CESA) 2004.003 at http://scary.beasts.org/security/CESA-2004-003.txt

CAN-2004-0687 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687

CAN-2004-0688 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 7 without patch 107081-57
  • Solaris 8 without patch 108940-68
  • Solaris 9 without patch 112771-23

x86 Platform

  • Solaris 7 without patch 107082-57
  • Solaris 8 without patch 108941-68
  • Solaris 9 without patch 113867-18

Linux Platform

  • Sun Java Desktop System (JDS) 2003 without the updated RPMs (patch-9400)
  • Sun Java Desktop System (JDS) Release 2 without the updated RPMs (patch-9400)

Notes:

  1. JDS for Solaris is not impacted by this issue.
  2. This issue only occurs with Open Motif versions openmotif-2.2.2-502 or earlier.

To determine if a Solaris application is linked with the libXm library, the ldd(1) utility can be used. For example:

    $ ldd /usr/dt/bin/uil | grep libXm.so
        libXm.so.4 =>    /usr/dt/lib/libXm.so.4

To determine if a Linux application is linked with the libXm library, the ldd(1) utility can be used. For example:

    $ ldd /usr/X11R6/bin/uil | grep libXm
        libXm.so.3 => /usr/X11R6/lib/libXm.so.3 (0x40033000)

To determine the release of JDS for Linux installed on a system, the following command can be run:

    % cat /etc/sun-release
    Sun Java Desktop System, Release 2 -build 10b (GA)
    Assembled 30 March 2004

To determine the version of Open Motif, the following command can be run:

    % rpm -qf /usr/X11R6/lib/libXm.so.3
    openmotif-2.2.2-522
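The checks above are easy to get wrong by hand, because the Resolution section says "patch NNNNNN-RR or later", so the installed revision has to be compared numerically against the fix revision for the right platform and release. The following POSIX sh script is an added example, not part of the original Sun Alert or of any Sun tool. It encodes the patch table from this alert, applies the "or later" rule to the text of showrev(1M) -p (the same format patchadd -p prints), applies Note 2 to an rpm -qf version string, and wraps the ldd(1) linkage check. The showrev output embedded in the script is constructed for the example, not captured from a real host; the function names (highest_rev, patch_satisfied, alert_status, openmotif_affected, linked_with_libxm) are the example's own.

```shell
#!/bin/sh
# Added example (not from the Sun Alert): apply this alert's patch table
# and Note 2 to command output, instead of comparing revisions by eye.

# Constructed sample of `showrev -p` output (not a real capture). Note that
# 108940 is installed at a *later* revision than the fix (-70 > -68), while
# 112771 is installed at an *earlier* one (-20 < -23).
SAMPLE_SHOWREV='Patch: 108940-70 Obsoletes:  Requires: 108528-29 Incompatibles:  Packages: SUNWdtbas, SUNWdtbax
Patch: 108652-90 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWxwplt
Patch: 112771-20 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWdtbas'

# highest_rev PATCHBASE  (reads showrev -p output on stdin)
# Prints the highest installed revision of PATCHBASE, or nothing if absent.
highest_rev() {
    awk -v base="$1" -v best=0 '
        $1 == "Patch:" {
            split($2, p, "-")                     # "108940-70" -> p[1], p[2]
            if (p[1] == base && (p[2] + 0) > best) best = p[2] + 0
        }
        END { if (best > 0) print best }'
}

# patch_satisfied PATCHBASE REQUIRED_REV  (reads showrev -p output on stdin)
# Succeeds when an installed revision of PATCHBASE is REQUIRED_REV or later.
patch_satisfied() {
    rev=$(highest_rev "$1")
    [ -n "$rev" ] && [ "$rev" -ge "$2" ]
}

# alert_status PLATFORM RELEASE  (reads showrev -p output on stdin)
# Prints "resolved" or "vulnerable" using the patch table from this alert.
alert_status() {
    case "$1/$2" in
        sparc/7) p=107081; r=57 ;;
        sparc/8) p=108940; r=68 ;;
        sparc/9) p=112771; r=23 ;;
        x86/7)   p=107082; r=57 ;;
        x86/8)   p=108941; r=68 ;;
        x86/9)   p=113867; r=18 ;;
        *) echo "unknown platform/release: $1/$2" >&2; return 2 ;;
    esac
    if patch_satisfied "$p" "$r"; then echo resolved; else echo vulnerable; fi
}

# openmotif_affected NVR   e.g. the output of `rpm -qf /usr/X11R6/lib/libXm.so.3`
# Succeeds when the Open Motif RPM is openmotif-2.2.2-502 or earlier (Note 2).
# Other version strings are not covered by the note and return 2.
openmotif_affected() {
    case "$1" in
        openmotif-2.2.2-*) [ "${1##*-}" -le 502 ] ;;
        *) return 2 ;;
    esac
}

# linked_with_libxm BINARY...
# Prints each binary whose ldd output resolves libXm, i.e. an application
# that reaches the affected pixmap routines through the Motif library.
linked_with_libxm() {
    for bin in "$@"; do
        [ -x "$bin" ] || continue
        if ldd "$bin" 2>/dev/null | grep -q 'libXm\.so'; then
            echo "$bin"
        fi
    done
}

# Stand-alone demonstration on the constructed sample:
# prints "resolved" for SPARC Solaris 8 and "vulnerable" for SPARC Solaris 9.
printf '%s\n' "$SAMPLE_SHOWREV" | alert_status sparc 8
printf '%s\n' "$SAMPLE_SHOWREV" | alert_status sparc 9
```

On a live host, pipe real output into it (showrev -p | alert_status sparc 9; linked_with_libxm /usr/dt/bin/*). One caveat the script does not handle: a patch can be superseded by a different patch ID that lists it in its Obsoletes field, in which case the original ID never appears and the script reports "vulnerable" even though the fix is present; check the Obsoletes fields before acting on that answer.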

Symptoms

There are no predictable symptoms that would indicate the described issue has been exploited.


Workaround

To work around the described issue, do not load X Pixmap (.xpm) images from untrusted sources with applications that are linked with the Motif library (libXm).


Resolution

This issue is resolved in the following releases:

SPARC Platform

  • Solaris 7 with patch 107081-57 or later
  • Solaris 8 with patch 108940-68 or later
  • Solaris 9 with patch 112771-23 or later

x86 Platform

  • Solaris 7 with patch 107082-57 or later
  • Solaris 8 with patch 108941-68 or later
  • Solaris 9 with patch 113867-18 or later

Linux Platform

  • Sun Java Desktop System (JDS) 2003 with the updated RPMs (patch-9400)
  • Sun Java Desktop System (JDS) Release 2 with the updated RPMs (patch-9400)

To download and install the updated RPMs from the update servers, select the following from the "launch" bar:

    Launch >> Applications >> System Tools >> Online Update


Modification History
Date: 09-MAY-2005
  • Added resolution patches for Solaris 7 to Contributing Factors and Resolution sections; re-released as Resolved

Date: 22-APR-2005
  • Added pending patches for Solaris 7 (to be released week of 28-Apr)

Date: 02-FEB-2005
  • Added resolution patches for Solaris 8; updated Contributing Factors and Resolution sections

Date: 23-DEC-2004
  • Final patch releases for Solaris 9 added to Contributing Factors and Resolution sections.

Date: 16-NOV-2004
  • Added pending patches for Solaris 9


References

108940-68
112771-23
108941-68
113867-18
107081-57
107082-57




Attachments
This solution has no attachment