Bugtraq mailing list archives
Re: NSFOCUS SA2001-05 : Solaris Xlock Heap Overflow Vulnerability
From: David Foster <foster () dim ucsd edu>
Date: Fri, 26 Oct 2001 14:04:06 -0700 (PDT)
The patches for this are now available (Solaris 8 has been available for a while, Solaris 2.6 patch just came out). I haven't been notified by the usual channels, so I thought I'd send this out.

Dave Foster
NSFOCUS Security Advisory(SA2001-05)

Topic: Solaris Xlock Heap Overflow Vulnerability

Release Date: 2001-08-10

CVE CAN ID : CAN-2001-0652
BUGTRAQ ID : 3160

Affected system:
================

Sun Solaris 2.6 (SPARC/x86)
Sun Solaris 7 (SPARC/x86)
Sun Solaris 8 (SPARC/x86)

Impact:
=========

NSFOCUS Security Team has found a heap buffer overflow vulnerability in the xlock shipped in Solaris system when handling some environment variables. Exploitation of it would allow a local attacker to obtain root privilege.
Sun's patches to be released for this vulnerability:

              SPARC       x86
              ---------   ---------
Solaris 8     108652-38   108653-33
Solaris 7     108376-30   108377-26
Solaris 2.6   105633-60   106248-45

Security patches of Sun Inc. are available at:
http://sunsolve.sun.com/securitypatch
<< All opinions expressed are mine, not the University's >>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
David Foster         National Center for Microscopy and Imaging Research
Programmer/Analyst   University of California, San Diego
dfoster () ucsd edu  Department of Neuroscience, Mail 0608
(858) 534-7968       http://ncmir.ucsd.edu/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

"The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable." -- George Bernard Shaw
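A patch-level check against the revisions listed in the advisory's patch table, as an added example that is not part of the original post or the NSFOCUS advisory. It assumes patch inventory lines in the `Patch: BASE-REV ...` form printed by Solaris `showrev -p`; the function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): classify a host's patch inventory
# against one minimum fixed revision from the advisory's patch table.
#
# stdin : `showrev -p` style text, one "Patch: BASE-REV ..." line per patch
# $1    : minimum fixed patch id, e.g. 108652-38 (Solaris 8 SPARC)
# stdout: "patched", "outdated" (older revision only) or "missing"
patch_status() {
    want_base=${1%-*}    # 108652
    want_rev=${1#*-}     # 38
    awk -v base="$want_base" -v want="$want_rev" '
        BEGIN { best = -1 }
        $1 == "Patch:" {
            split($2, p, "-")
            # Several revisions of one patch may be listed; keep the highest.
            # Adding 0 forces a numeric compare, so "09" < "38" works.
            if (p[1] == base && p[2] + 0 > best) best = p[2] + 0
        }
        END {
            if (best < 0)              print "missing"
            else if (best >= want + 0) print "patched"
            else                       print "outdated"
        }'
}

# Constructed sample inventory (not captured from a real host): the
# Solaris 8 SPARC patch at the fixed revision plus an older copy, and the
# Solaris 7 SPARC patch one revision short of the fix.
sample_showrev() {
    cat <<'EOF'
Patch: 108652-12 Obsoletes:  Requires:  Incompatibles:  Packages: (constructed)
Patch: 108652-38 Obsoletes:  Requires:  Incompatibles:  Packages: (constructed)
Patch: 108376-29 Obsoletes:  Requires:  Incompatibles:  Packages: (constructed)
EOF
}

# Demo on the constructed sample.
sample_showrev | patch_status 108652-38
```

On a Solaris host the input would come from `showrev -p | patch_status <id>`, using the patch id for that release and architecture. The check only matches the patch base number, so a later patch that obsoletes it would be reported as "missing".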