Note: This is an archival copy of Security Sun Alert 201777 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001316.1.
Article ID : 1001316.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-11-01
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Possible Security Issue with XView Text Clipboard



Category
Security

Release Phase
Resolved

Product
Solaris 2.5
Solaris 2.5.1
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id
4459703

Date of Workaround Release
09-JUL-2001

Date of Resolved Release
08-AUG-2005

Impact

An unprivileged, local user might set up a scenario so that, under certain circumstances, an XView application corrupts a system or user file on exit.

Only files for which the exiting XView application has modify permission (based only on the application's current user/group ID and file permissions) are at risk. Therefore, XView applications running with root access rights under certain circumstances pose a risk to system files if no countermeasures are taken (please see the "Workaround" section below).


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 2.5
  • Solaris 2.5.1
  • Solaris 2.6
  • Solaris 7 without patch 107374-03
  • Solaris 8 without patch 111626-04
  • Solaris 9 without patch 112811-02
  • Solaris 10 without patch 119903-01

x86 Platform

  • Solaris 2.5
  • Solaris 2.5.1
  • Solaris 2.6
  • Solaris 7 without patch 107375-03
  • Solaris 8 without patch 111627-03
  • Solaris 9 without patch 119902-01
  • Solaris 10 without patch 119904-01

The issue can only be exploited when an XView application exits. In addition, the exiting XView application must have a text subwindow that owns the clipboard selection. An application "owns" the clipboard selection if it is the application that has most recently copied text to the clipboard (e.g. by using the "Copy" key).

To check whether an application is an XView application, the "ldd" command can be used. In the resulting output, a line listing "libxview.so" indicates an XView application.
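
The ldd check described above can be applied to a whole set of binaries. The following shell script is an added example, not part of the original Sun Alert; the LDD override variable, the function names and the set-uid/set-gid flag (added because the Impact section singles out XView applications running with root access rights) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): list XView applications by looking
# for libxview.so in ldd output, and flag set-uid/set-gid ones.
# LDD is an assumption of this example; it lets the ldd command be replaced.
LDD=${LDD:-ldd}

# Succeeds if the ldd output on stdin names libxview.so as a dependency.
# Matches the bare or versioned name (libxview.so, libxview.so.3) as a whole
# library name, so a library such as "libxviewer.so" does not match.
links_xview() {
    grep -E '^[[:space:]]*libxview\.so(\.[0-9]+)*[[:space:]]' >/dev/null
}

# Succeeds if the file $1 is an XView application according to ldd.
is_xview_app() {
    "$LDD" "$1" 2>/dev/null | links_xview
}

# Print one line per XView application among the given paths:
#   <path> setid   for set-uid or set-gid executables
#   <path> plain   for all other executables
# Non-executable and missing paths are skipped.
scan_xview() {
    for f in "$@"; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        is_xview_app "$f" || continue
        if [ -u "$f" ] || [ -g "$f" ]; then
            echo "$f setid"
        else
            echo "$f plain"
        fi
    done
}

# Usage: sh thisscript /path/to/bin/*
if [ $# -gt 0 ]; then
    scan_xview "$@"
fi
```

Binaries reported as "setid", and any XView application started from a root session, are the ones for which the workaround below matters most.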

The issue described in this document can only be exploited by users already having an account on the affected system.


Symptoms

There are no direct symptoms that would show the described issue has been exploited on a system.


Workaround

As a possible workaround, users (and especially users running XView applications with root user privileges) should ensure that, before exiting an XView application, another application owns the clipboard selection. This can be achieved by copying text from another application to the clipboard (e.g. by using the "Copy" key).


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 7 with patch 107374-03 or later
  • Solaris 8 with patch 111626-04 or later
  • Solaris 9 with patch 112811-02 or later
  • Solaris 10 with patch 119903-01 or later

x86 Platform

  • Solaris 7 with patch 107375-03 or later
  • Solaris 8 with patch 111627-03 or later
  • Solaris 9 with patch 119902-01 or later
  • Solaris 10 with patch 119904-01 or later

Note: Solaris 2.5, 2.5.1 and 2.6 require an upgrade to Solaris 7 or later with installation of the associated patch to address this issue.

 



Modification History
Date: 31-MAR-2005
  • State: Resolved

Date: 08-AUG-2005
  • Updated Contributing Factors and Resolution sections

 



References

107374-03
107375-03
111626-04
111627-03
112811-02
119902-01
119903-01
119904-01



