Sun Solaris Xsun DGA mode allows elevated privileges

solaris-xsun-gain-privileges (13890) The risk level is classified as HighHigh Risk

Description:

Sun Solaris could allow a local attacker to gain elevated privileges, caused by a vulnerability in Xsun, when running in Direct Graphics Access (DGA) mode. A local attacker could exploit this vulnerability to overwrite or create arbitrary files on the system or cause the Xsun process of a DGA program to crash.


Consequences:

Gain Privileges

Remedy:

Apply the appropriate patch for your system, as listed below. Refer to Sun Alert ID: 57419 for more information. See References.

SPARC:
Solaris 2.6: 105633-64 or later
Solaris 7: 108376-44 or later
Solaris 8: 108652-72 or later
Solaris 9: 112785-25 or later

x86:
Solaris 2.6: 106248-49 or later
Solaris 7: 108377-39 or later
Solaris 8: 108653-61 or later
Solaris 9: 112786-15 or later

References:

  • CIAC Information Bulletin O-033: Sun Xsun Server in Direct Graphics Access (DGA) Vulnerabilities.
  • Sun Alert ID: 57419: Running Xsun Server in Direct Graphics Access (DGA) Mode May Allow Creation of Temporary Files Insecurely or Allow a "Denial of Service" Attack.
  • BID-9147: Sun Solaris XSun Direct Graphics Access Insecure Temporary File Vulnerability
  • BID-915: Allaire Spectra 1.0 Webtop Vulnerability
  • CVE-2003-1058: The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.
  • OSVDB ID: 2892: Solaris Xsun DGA Mode Local Privilege Escalation and DoS
  • SA10346: Sun Solaris Xsun DGA Mode Vulnerability

Platforms Affected:

  • Sun Solaris 2.6
  • Sun Solaris 7.0
  • Sun Solaris 8
  • Sun Solaris 9

Reported:

Dec 02, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page