> From: eEye Digital Security [mailto:[EMAIL PROTECTED]]
> Solaris Xsun buffer overflow vulnerability
>
> Discovered and exploited by:
> Riley Hassell [EMAIL PROTECTED]
>
> Release Date:
> April 10, 2001
>
> Systems Affected:
> Solaris 7/8 (x86 and sparc)
>
> Description:
> Yet some more Solaris spring cleaning...
>
> A buffer overflow was discovered in Xsun. Since Xsun is SUID root,
> exploiting this vulnerability yields root privileges. The

Hmm.

Just a quick check on a couple of the boxen that I've got access to:

(historical reference)
root@okmok> uname -r
5.5.1
root@okmok> dir `which Xsun`
-rwxr-s-r-x   1 root     root     729792   Jan 26 21:20 /usr/openwin/bin/Xsun

root@foraker> uname -r
5.6
root@foraker> dir `which Xsun`
-rwxr-s-r-x   1 root     root     916792   May 5   2000 /usr/openwin/bin/Xsun

root@wormhole> uname -r
5.8
root@wormhole> dir `which Xsun`
-rwxr-s-r-x   1 root     root     1941644  Dec 15  1999 /usr/openwin/bin/Xsun

My Solaris 8 only seems to have the following patches:
root@wormhole> showrev -p | awk '{print $1 $2}'
Patch:108131-03
Patch:108132-03

Don't have a Solaris 7 box to check.  Not sure why your Solaris 8 has
a SUID Xsun install, either.

Leif
