[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Re: NSFOCUS SA2001-05 : Solaris Xlock Heap Overflow Vulnerability
From: David Foster <foster () dim ! ucsd ! edu>
Date: 2001-10-26 21:04:06
[Download RAW message or body]
The patches for this are now available (Solaris 8 has been
available for awhile, Solaris 2.6 patch just came out).
I haven't been notified by the usual channels, so I'd
thought I'd send this out.
Dave Foster
>
> NSFOCUS Security Advisory(SA2001-05)
>
> Topic: Solaris Xlock Heap Overflow Vulnerability
>
> Release Date£º 2001-08-10
>
> CVE CAN ID : CAN-2001-0652
> BUGTRAQ ID : 3160
>
> Affected system:
> ================
>
> Sun Solaris 2.6 (SPARC/x86)
> Sun Solaris 7 (SPARC/x86)
> Sun Solaris 8 (SPARC/x86)
>
> Impact:
> =========
>
> NSFOCUS Security Team has found a heap buffer overflow vulnerability in the
> xlock shipped in Solaris system when handling some environment variables.
> Exploitation of it would allow a local attacker to obtain root privilege.
> Sun's patches to be released for this vulnerability:
>
> SPARC x86
> --------- ---------
> Solaris 8 108652-38 108653-33
> Solaris 7 108376-30 108377-26
> Solaris 2.6 105633-60 106248-45
>
>
> Security patches of Sun Inc. are available at:
>
> http://sunsolve.sun.com/securitypatch
>
<< All opinions expressed are mine, not the University's >>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
David Foster National Center for Microscopy and Imaging Research
Programmer/Analyst University of California, San Diego
dfoster@ucsd.edu Department of Neuroscience, Mail 0608
(858) 534-7968 http://ncmir.ucsd.edu/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore, all progress
depends on the unreasonable." -- George Bernard Shaw
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic