Solaris xlock Heap Overflow Vulnerability



Xlock is a utility for locking X-windows displays. It is installed setuid root because it uses the user's password to authorize access to the display when it is locked.

The version of xlock that ships with Solaris as part of OpenWindows contains a heap overflow in its handling of an environment variable.

Local attackers may be able to execute arbitrary code with the effective privileges of xlock.

Information

Bugtraq ID: 3160
Class: Boundary Condition Error
CVE:
Remote: No
Local: Yes
Published: Aug 09 2001 12:00AM
Updated: Jan 31 2019 02:00AM
Credit: Discovered by Nsfocus Security Team.
Vulnerable: Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 7.0_x86
Sun Solaris 7.0
Sun Solaris 2.6_x86
Sun Solaris 2.6


Not Vulnerable:
