(Sun Issues Fix for Solaris 10) Xdm May Let Local Users View the Error Log Files of a Target User
|
|
SecurityTracker Alert ID: 1017016 |
|
SecurityTracker URL: http://securitytracker.com/id/1017016
|
|
CVE Reference:
CVE-2006-5215
(Links to External Site)
|
Updated: Dec 17 2006
|
Original Entry Date: Oct 9 2006
|
Impact:
Disclosure of system information, Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in xdm. A local user may be able to view error logs of other users.
A local user can exploit a race condition in the setting of file access permissions on the xdm error log file ($HOME/.xsession-errors) to read the error log file of a target user.
A local user can also exploit a race condition in the setting of file access permissions on the alternate xdm error log file (${TMP-/tmp}/xses-$USER) to read the error log file of a target user.
Steven Bellovin reported these vulnerabilities.
The original reports are available at:
http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32804
http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32805
|
Impact:
A local user may be able to view the error log file of other users.
|
Solution:
Sun has issued a fix for Solaris 10:
SPARC Platform
* Solaris 10 with patch 124457-01 or later
x86 Platform
* Solaris 10 with patch 124458-01 or later
Sun is working on a fix for Solaris 8 and 9. For Solaris 8 and 9, Sun has described a workaround for xdm on in their advisory.
The Sun advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102652-1
|
Cause:
Access control error, State error
|
Underlying OS:
UNIX (Solaris - SunOS)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Mon, 9 Oct 2006 08:44:30 -0400
Subject: Security Vulnerability in X Display Manager (xdm(1)) Xsession Script
|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102652-1
|
|
