-
April 4th, 2002, 05:26 PM
#1
XSun Vulnerability
INFORMATION ALERT
AN EMERGING ISSUE WITH:
SOLARIS X WINDOW SERVER (XSUN)
SEVERITY:
Medium
DATE:
April 3, 2002
SUMMARY:
In a post to Bugtraq on April 2, the NSFOCUS Security Team described
a buffer overflow in Solaris' X Window Server (Xsun). A savvy hacker
with a login to your machine could use this buffer overflow to gain
root access. There is no direct impact on WatchGuard products.
Administrators running Solaris 2.6, 7 and 8 should apply the
workaround described below as soon as possible.
EXPOSURE:
Xsun is the Solaris version of the X Window system, which allows you
to interact with Linux using a Graphical User Interface (GUI). The
typical Solaris install includes Xsun by default, accessible to all
users.
The NSFOCUS Security Team found a buffer overflow in Xsun involving
the "-co" parameter, which is used to specify a color database file.
Xsun does not check the length of the filename entered after the "-
co" parameter. This allows for the buffer overflow.
The default Solaris installation configures Xsun to run with root
privileges. That means a hacker exploiting this Xsun buffer overflow
can launch any program with root privileges, thus gaining root
access to your Solaris server.
In order to exploit this vulnerability, the hacker needs a login to
your Solaris machine. However, once a login is obtained, the hacker
could exploit this buffer overflow remotely through telnet, rlogin
or SSH.
SOLUTION PATH:
Solaris has not yet released a patch for this vulnerability.
However, you can lower the damage potential of this vulnerability by
removing the suid root or sgid root attribute from Xsun.
Administrators should log in as root and execute this command:
chmod a-s /usr/openwin/bin/Xsun
Executing the command will not remove the buffer overflow, but will
prevent a hacker from gaining root access when exploiting the
vulnerability.
I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
-
April 4th, 2002, 07:06 PM
#2
Junior Member
I don't understand ... how the hacker use -co at my mechine if they cannot connected wuth my mechine
-
April 6th, 2002, 01:04 AM
#3
I don't use Xsun but it is good to know.
Trappedagainbyperfectlogic.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|