Note: This is an archival copy of Security Sun Alert 230901 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1018961.1.
Category: Security
Release Phase: Resolved
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Bug Id: 6642763, 6642762
Date of Workaround Release: 17-Jan-2008
Date of Resolved Release: 06-FEB-2008

Security Vulnerability in the Solaris X Server May Lead to Unauthorized Disclosure of Information on Access Restricted Files and Directories (see below for full details)

1. Impact

A security vulnerability in the Solaris X11 display server (Xorg(1) and Xsun(1)) and the Solaris X11 print server (Xprt(1)), related to the handling of command line options, may allow a local unprivileged user to determine the existence of files or directories in access restricted directories. The ability to gather information on access restricted files or directories indicates a loss of confidentiality.

This issue is described in the following document:

2. Contributing Factors

These issues can occur in the following releases:

SPARC Platform

3. Symptoms

There are no predictable symptoms that would indicate the described issue has occurred.

4. Relief/Workaround

To work around the described issue, remove the setuid(2) and/or setgid(2) bit from Xsun, Xorg and Xprt. To do so, run the following command as "root":

    # chmod 0755 /usr/openwin/bin/Xsun /usr/openwin/bin/Xprt

Note: Not all of the above binaries may be found on all systems.

Warning: When Xsun, Xorg and Xprt are run directly or from xinit, removing the setuid/setgid bits from these binaries will disable:

Note: dtlogin(1X) and gdm(1m) will not be affected and will still be able to start with the privileges of the "root" user.

5. Resolution

This issue is addressed in the following releases:

SPARC Platform

For more information on Security Sun Alerts, see Sun 1009886.1.

Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.

Modification History

06-Feb-2008: Update Contributing Factors and Resolution sections - STATE: RESOLVED
18-Jan-2007: Update Contributing Factors, Relief/Workaround, and Resolution sections.

References

119067-09 112785-63 119059-38 125719-07 119068-09 112786-52 119060-37 125720-17
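
To confirm that the workaround in section 4 has taken effect, the following added example (not part of the original Sun Alert) reports which of the X server binaries still carry the setuid or setgid bit. The function name audit_setid is hypothetical; the default paths are the two given in the advisory's chmod command, and the Xorg path, which the advisory does not list, has to be passed as an argument.

```shell
#!/bin/sh
# Added example: report-only audit of the setuid/setgid bits that the
# workaround removes. Nothing on the system is modified.

# audit_setid PATH...
# Prints one line per path: MISSING, OK, or SETID with the bits still set.
# Returns 1 if any existing file still has setuid or setgid set, else 0.
audit_setid() {
    rc=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            # The advisory notes that not every binary exists on every system.
            echo "MISSING $f"
            continue
        fi
        bits=""
        if [ -u "$f" ]; then
            bits="setuid"
        fi
        if [ -g "$f" ]; then
            bits="${bits:+$bits,}setgid"
        fi
        if [ -n "$bits" ]; then
            echo "SETID   $f ($bits)"
            rc=1
        else
            echo "OK      $f"
        fi
    done
    return "$rc"
}

# With no arguments, check the two paths from the advisory's chmod command.
# The advisory gives no path for Xorg, so supply it as an argument if needed.
if [ "$#" -gt 0 ]; then
    audit_setid "$@"
else
    audit_setid /usr/openwin/bin/Xsun /usr/openwin/bin/Xprt
fi
```

A non-zero exit status means at least one listed binary is still setuid or setgid, which makes the script usable from a periodic compliance check.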