Info

Disclosure

Sep 26, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Solaris contains a flaw related to the Xsun program that may allow an attacker to escalate privileges. No further details have been provided.

Classification

Location: Local Access Required
Attack Type: Attack Type Unknown
Impact: Loss of Integrity
Exploit: Exploit Unknown

Solution

Sun Microsystems, Inc. has released patches to address this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): remove the setuid and setgid bit from the permissions of Xsun.

Products

Sun Microsystems, Inc.	Solaris (SPARC)	7
		8 without patch 108652-93
		9 without patch 112785-50
		10 without patch 119059-05
	Solaris (x86)	7
		8 without patch 108653-82
		9 without patch 112786-39
		10 without patch 119060-05

References

Security Tracker: 1014976
Secunia Advisory ID: 16955 17246
SCIP VulDB ID: 1774
Related OSVDB ID: 19700
CVE ID: 2005-3099 (see also: NVD)
ISS X-Force ID: 22410
Keyword: BugIDs: 6265045
Other Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101800-1
Vendor Specific Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2005-220.pdf

Credit

Eric Sheridan - Towson University

Direct URL: http://osvdb.org/19699

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Sun Microsystems, Inc.

Solaris (SPARC)

Solaris (x86)

References

Credit