XSun Vulnerability
Results 1 to 3 of 3

Thread: XSun Vulnerability

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    682

    XSun Vulnerability

    INFORMATION ALERT


    AN EMERGING ISSUE WITH:
    SOLARIS X WINDOW SERVER (XSUN)


    SEVERITY:
    Medium

    DATE:
    April 3, 2002


    SUMMARY:

    In a post to Bugtraq on April 2, the NSFOCUS Security Team described
    a buffer overflow in Solaris' X Window Server (Xsun). A savvy hacker
    with a login to your machine could use this buffer overflow to gain
    root access. There is no direct impact on WatchGuard products.
    Administrators running Solaris 2.6, 7 and 8 should apply the
    workaround described below as soon as possible.


    EXPOSURE:

    Xsun is the Solaris version of the X Window system, which allows you
    to interact with Linux using a Graphical User Interface (GUI). The
    typical Solaris install includes Xsun by default, accessible to all
    users.

    The NSFOCUS Security Team found a buffer overflow in Xsun involving
    the "-co" parameter, which is used to specify a color database file.
    Xsun does not check the length of the filename entered after the "-
    co" parameter. This allows for the buffer overflow.

    The default Solaris installation configures Xsun to run with root
    privileges. That means a hacker exploiting this Xsun buffer overflow
    can launch any program with root privileges, thus gaining root
    access to your Solaris server.

    In order to exploit this vulnerability, the hacker needs a login to
    your Solaris machine. However, once a login is obtained, the hacker
    could exploit this buffer overflow remotely through telnet, rlogin
    or SSH.


    SOLUTION PATH:

    Solaris has not yet released a patch for this vulnerability.
    However, you can lower the damage potential of this vulnerability by
    removing the suid root or sgid root attribute from Xsun.
    Administrators should log in as root and execute this command:

    chmod a-s /usr/openwin/bin/Xsun

    Executing the command will not remove the buffer overflow, but will
    prevent a hacker from gaining root access when exploiting the
    vulnerability.
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  2. #2
    Junior Member
    Join Date
    Apr 2002
    Posts
    1
    I don't understand ... how the hacker use -co at my mechine if they cannot connected wuth my mechine

  3. #3
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    I don't use Xsun but it is good to know.
    Trappedagainbyperfectlogic.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •