Buffer Overflow Vulnerability in libX11


Category :Security
Release Phase :Resolved
Product :Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System  
Bug Id :6450316  
Date of Resolved Release :07-SEP-2006 


Impact

A buffer overflow vulnerability in libX11 may allow local unprivileged users to be able to execute arbitrary code or commands with elevated privileges. The code or commands executed would run with the privileges of the application dynamically linked to the libX11 library. A number of programs shipped in Solaris and by third parties dynamically link with the libX11 library and run with elevated privileges.

Sun acknowledges with thanks, RISE Security, for bringing this issue to our attention.

This issue is also referenced in: http://www.risesecurity.org/advisory/RISE-2006001.txt


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 8 without patch 119067-03
  • Solaris 9 without patch 112785-56
  • Solaris 10 without patch 119059-16

x86 Platform

  • Solaris 8 without patch 119068-03
  • Solaris 9 without patch 112786-45
  • Solaris 10 without patch 119060-15

Symptoms

There are no predictable symptoms that would indicate the described vulnerability has been exploited to execute arbitrary code on a system.


Workaround

To work around the described issue, remove setuid(2) and setgid(2) privileges from all programs that link with libX11.so.4.

Note: This may break the ability of these programs to perform their functions.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 119067-03 or later
  • Solaris 9 with patch 112785-56 or later
  • Solaris 10 with patch 119059-16 or later

x86 Platform

  • Solaris 8 with patch 119068-03 or later
  • Solaris 9 with patch 112786-45 or later
  • Solaris 10 with patch 119060-15 or later





Attachments
This solution has no attachment
 
Sun support customers:
more support information is available after you sign in.
 
»   Login
»   Register
»   Lost UserName/Password
 
Login Required

You must login and have a valid contract to access Sun's Premium content which includes:

  • Sun Alerts
  • Bugs
  • Patches
  • Solutions
  • White Papers
  • Documentation
  • Support Knowledge

Login Required

You must login and have a valid contract to access Sun's contracted features

Access Legend:

(Login to access)   Sun Contracted Content
(Login to access)   Sun Contracted Feature

Please make use of SunSolve Feedback application by selecting the floating [+] to provide feedback about this specific document.

Search
Article Details
Article ID : 201131
Article Type : Sun Alert
Last reviewed : 2006-11-09
Audience : PUBLIC
Keywords :
Provide feedback  (help)
Page Tools
»  Print This Page
»  Email This Article
»  Bookmark This Article
Security Support
»   Security Center
»   Report Security Vulnerabilities
»   Security PGP Key
»   Sun Alert Notifications - RSS Feeds
»   Sun Alert Notifications - eNewsletter
»   Solaris Fingerprint Database
 
SunSolve Navigation
»   Forums for contracted customers
»   Licenses
»   Log a Service Request
»   Patches and Updates
»   Product Download Center
»   SunSystem Handbook
»   SunSolve Japan
SunSolve Feedback, Help and Updates
»   Blog
»   Community
»   Feedback
»   Help
»   Learn about SunSolve
»   Twitter
About Oracle | Oracle and Sun | Oracle RSS Feeds | Subscribe | Careers | Contact Us | Site Maps | Legal Notices | Terms of Use | Your Privacy Rights | Copyright © 2010, Oracle Corporation and/or its affiliates | SunSolve Version 7.4.2 #1