A Solaris 8 patch has been released for the 'xlock' heap overflow vulnerability (108652-40): http://sunsolve.sun.com/securitypatch Sun hasn't released the patches for Solaris 2.6 or 7 yet. I didn't get notice of the Solaris 8 patch through the usual channels (Sun security alert or CERT), thought I'd pass this along. Dave Foster =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= NSFOCUS Security Advisory(SA2001-05) Topic: Solaris Xlock Heap Overflow Vulnerability Release Date 2001-08-10 CVE CAN ID : CAN-2001-0652 BUGTRAQ ID : 3160 Affected system: ================ Sun Solaris 2.6 (SPARC/x86) Sun Solaris 7 (SPARC/x86) Sun Solaris 8 (SPARC/x86) Impact: ========= NSFOCUS Security Team has found a heap buffer overflow vulnerability in the xlock shipped in Solaris system when handling some environment variables. Exploitation of it would allow a local attacker to obtain root privilege. Workaround: =================== Drop the suid root attribute of xlock: # chmod a-s /usr/openwin/bin/xlock Sun's patches to be released for this vulnerability: SPARC x86 --------- --------- Solaris 8 108652-38 108653-33 Solaris 7 108376-30 108377-26 Solaris 2.6 105633-60 106248-45
