Solaris Xsun Direct Graphics Access Mode Insecure Temporary Files May Allow Local Users to Gain Root Privileges
SecurityTracker Alert ID: 1008363
SecurityTracker URL: http://securitytracker.com/id/1008363
CVE Reference: GENERIC-MAP-NOMATCH
Date: Dec 3 2003
Impact: Denial of service via local system, Modification of system information, Modification of user information, Root access via local system
Fix Available: Yes
Vendor Confirmed: Yes
Description:
A vulnerability was reported in the Xsun(1) Solaris X11 server when run in Direct Graphics Access (DGA) mode. A local user may be able to gain root privileges.
It is reported that on systems running Xsun(1), a local user may be able to overwrite or create arbitrary files with root privileges due to a flaw in Xsun(1) in DGA mode. A local user can create a symbolic link (symlink) at a temporary file name that Xsun will use, pointing at a critical file on the system. Then, when any application that uses DGA is executed, the linked file may be overwritten or created with root privileges.
A local user can also cause the Xsun process of any user of a DGA application to crash.
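As an added illustration of the insecure-temporary-file pattern this alert describes (example code written for this page, not Sun's Xsun source or the content of the patches), the block below contrasts a generic open() that follows a symlink planted at a predictable name with a hardened open that refuses it, and runs both inside a throwaway mkdtemp() directory. The helper names unsafe_tmp_open, secure_tmp_open and run_scenario, the file names and the "keep me" content are all constructed for the demonstration; nothing is written through the symlink, the code only compares inode numbers.

```c
#define _XOPEN_SOURCE 700   /* expose O_NOFOLLOW, mkdtemp, symlink on glibc */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The generic insecure pattern behind this bug class (illustrative, not
 * Sun's actual code): a predictable name in a shared directory opened with
 * O_CREAT but without O_EXCL.  If a symlink already sits at that name,
 * open() silently follows it to whatever it points at. */
int unsafe_tmp_open(const char *path)
{
    return open(path, O_RDWR | O_CREAT, 0600);
}

/* Hardened variant (hypothetical helper added for this page).
 * O_CREAT|O_EXCL: fail with EEXIST if anything (file or symlink, dangling
 *   or not) is already at path, instead of opening what it points to.
 * O_NOFOLLOW: additionally refuse to open through a symlink at all.
 * Then fstat() the descriptor we actually hold (never stat() the path
 * again) and confirm it is a regular file with one link that we own. */
int secure_tmp_open(const char *path)
{
    struct stat sb;
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;              /* errno == EEXIST when a name was planted */
    if (fstat(fd, &sb) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    if (!S_ISREG(sb.st_mode) || sb.st_nlink != 1 || sb.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario: a "critical" file, a symlink planted at the name
 * the privileged code will use, and a fresh name.  Returns 0 when every
 * step behaves as described in the comments, otherwise the step number. */
int run_scenario(void)
{
    char dir[] = "/tmp/dga_demo_XXXXXX";
    char target[256], planted[256], fresh[256];
    struct stat st_target, st_open;
    int rc = 0, fd;

    if (mkdtemp(dir) == NULL)
        return 1;
    snprintf(target,  sizeof target,  "%s/critical.conf", dir);
    snprintf(planted, sizeof planted, "%s/Xsun.tmp", dir);
    snprintf(fresh,   sizeof fresh,   "%s/Xsun-fresh.tmp", dir);

    /* step 2: the file that must not be touched */
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0 || write(fd, "keep me\n", 8) != 8 || close(fd) != 0 ||
        stat(target, &st_target) != 0)
        rc = 2;
    /* step 3: symlink at the temp name pointing at the critical file */
    else if (symlink(target, planted) != 0)
        rc = 3;
    /* step 4: the insecure open lands on the critical file's inode */
    else if ((fd = unsafe_tmp_open(planted)) < 0 || fstat(fd, &st_open) != 0 ||
             st_open.st_ino != st_target.st_ino || close(fd) != 0)
        rc = 4;
    /* step 5: the hardened open refuses the planted name with EEXIST */
    else if (secure_tmp_open(planted) != -1 || errno != EEXIST)
        rc = 5;
    /* step 6: an unplanted name is created as a private 0600 regular file */
    else if ((fd = secure_tmp_open(fresh)) < 0 || fstat(fd, &st_open) != 0 ||
             (st_open.st_mode & 0777) != 0600 || close(fd) != 0)
        rc = 6;

    unlink(fresh); unlink(planted); unlink(target); rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = run_scenario();
    printf("scenario %s (code %d)\n", rc == 0 ? "behaved as expected" : "FAILED", rc);
    return rc;
}
```

Compile with cc and run; it exits 0 when the hardened open refuses the planted name with EEXIST and the fresh name is created as a 0600 regular file. For code that can choose its own name, mkstemp(3) (random suffix plus O_CREAT|O_EXCL) is the usual fix; the exact change in Sun's patches is not described on this page.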
Impact:
A local user can overwrite or create arbitrary files with root privileges, potentially giving the local user root access on the system.
A local user can cause the Xsun process of a target user of a DGA application to crash.
Solution:
Sun has issued the following fixes:
SPARC Platform
Solaris 2.6 with patch 105633-64 or later
Solaris 7 with patch 108376-44 or later
Solaris 8 with patch 108652-72 or later
Solaris 9 with patch 112785-25 or later
x86 Platform
Solaris 2.6 with patch 106248-49 or later
Solaris 7 with patch 108377-39 or later
Solaris 8 with patch 108653-61 or later
Solaris 9 with patch 112786-15 or later
Vendor URL: sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57419
Cause:
Access control error, State error
Underlying OS:
UNIX (Solaris - SunOS)
Message History:
None.
Source Message Contents
Date: Wed, 03 Dec 2003 08:29:02 -0500
Subject: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57419
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57419
57419 Running Xsun Server in Direct Graphics Access (DGA) Mode May Allow Creation of Temporary Files Insecurely or Allow a "Denial of Service" Attack 2 Dec 2003
Sun reported that on systems running the Xsun(1) Solaris X11 server, a local user may be able to overwrite or create arbitrary files with root privileges due to a flaw in Xsun(1) and Direct Graphics Access (DGA) mode.
A local user can also cause the Xsun process of any user of a DGA application to crash.
These flaws can reportedly be triggered during the use of any application that uses DGA.
Sun has issued the following fixes:
SPARC Platform
Solaris 2.6 with patch 105633-64 or later
Solaris 7 with patch 108376-44 or later
Solaris 8 with patch 108652-72 or later
Solaris 9 with patch 112785-25 or later
x86 Platform
Solaris 2.6 with patch 106248-49 or later
Solaris 7 with patch 108377-39 or later
Solaris 8 with patch 108653-61 or later
Solaris 9 with patch 112786-15 or later
-----
Sun Alert ID: 57419
Synopsis: Running Xsun Server in Direct Graphics Access (DGA) Mode May Allow Creation of Temporary Files Insecurely or Allow a "Denial of Service" Attack
Category: Security
Product: Solaris, Xserver
BugIDs: 4680913
Avoidance: Patch
State: Resolved
Date Released: 02-Dec-2003
Date Closed: 02-Dec-2003
Date Modified: