19699 : Solaris Xsun Unspecified Local Privilege Escalation
Printer | http://osvdb.org/19699 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
3	355	over 6 years ago	over 3 years ago	0 times	85%

Timeline

Disclosure Date
2005-09-26

Keywords

BugIDs: 6265045

Description

Solaris contains a flaw related to the Xsun program that may allow an attacker to escalate privileges. No further details have been provided.

Classification

Location: Local Access Required
Attack Type: Attack Type Unknown
Impact: Loss of Integrity
Exploit: Exploit Unknown

Solution

Sun Microsystems, Inc. has released patches to address this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): remove the setuid and setgid bit from the permissions of Xsun.

Products

Sun Microsystems, Inc.	Solaris (SPARC)	7
		8 without patch 108652-93
		9 without patch 112785-50
		10 without patch 119059-05
	Solaris (x86)	7
		8 without patch 108653-82
		9 without patch 112786-39
		10 without patch 119060-05

References

Security Tracker: 1014976
Secunia Advisory ID: 16955 17246
SCIP VulDB ID: 1774
Related OSVDB ID: 19700
CVE ID: 2005-3099 (see also: NVD)
ISS X-Force ID: 22410
Keyword: BugIDs: 6265045
Other Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101800-1
Vendor Specific Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2005-220.pdf

Credit

Eric Sheridan - Towson University

CVSSv2 Score

CVSSv2 Base Score = 4.6
Source: nvd.nist.gov | Generated: 2005-09-29 | Disagree?

Blogs

This product uses the Daylife API but is not endorsed or certified by Daylife.

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.