Sun Solaris Xsun(1) and Xprt(1) command execution

solaris-xsun-xprt-command-execution (22410) The risk level is classified as HighHigh Risk

Description:

Sun Solaris could allow a local attacker to execute arbitrary code caused by an unspecified vulnerability in the Xsun(1) and Xprt(1) commands. A local attacker could use this vulnerability to execute arbitrary code on the system with the privileges of either the Xsun(1) or Xprt(1) command.


Consequences:

Gain Access

Remedy:

For Sun Solaris:
Apply the appropriate patch for your system, as listed below. Refer to Sun Alert ID: 101800 for more information. See References.

SPARC Platform
Solaris 8 with patch: 108652-93 or later
Solaris 9 with patch: 112785-50 or later
Solaris 10 with patch: 119059-05 or later

x86 Platform
Solaris 8 with patch: 108653-82 or later
Solaris 9 with patch: 112786-39 or later
Solaris 10 with patch: 119060-05 or later

Note: It is reported that a final resolution is pending for Solaris 7.

As a workaround, follow the instructions for removing the setuid(2) or setgid(2) bit from Xsun(1) and Xprt(1), as listed in Sun Alert ID: 101800. See References.

References:

  • Sun Alert ID: 101800: Security Vulnerability in the Xsun(1) and Xprt(1) Commands.
  • BID-14949: Sun Solaris Xsun and Xprt Local Privilege Escalation Vulnerability
  • CVE-2005-3099: Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in Solaris 7, 8, 9, and 10 allows local users to execute arbitrary code.
  • OSVDB ID: 19699: Solaris Xsun Unspecified Local Privilege Escalation
  • OSVDB ID: 19700: Solaris Xprt Unspecified Local Privilege Escalation
  • SA16955: Sun Solaris Xsun and Xprt Privilege Escalation Vulnerability
  • SA17246: Avaya CMS / IR Solaris Xsun and Xprt Privilege Escalation Vulnerability

Platforms Affected:

  • Sun Solaris 10 SPARC
  • Sun Solaris 7.0
  • Sun Solaris 8.0
  • Sun Solaris 9 SPARC

Reported:

Sep 26, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page