Solaris security suffers image problem



A highly critical security hole has been reported in the X Pixmap (libXpm) technology shipped with Solaris and JDS for Linux, which could allow someone to run code on your system if a modified X Pixmap (.xpm) image is loaded.

The problem affects any machine running the X Window System, including most Linux distributions and most commercial Unix implementations, including IBM AIX, the Solaris Common Desktop Environment (CDE), Java Desktop Service for Linux and Sun Java Desktop.

Platforms affected by the hole are SPARC Solaris 7, 8 and 9, x86 Solaris 7, 8 and 9, Linux Sun Java Desktop System (JDS) 2003 without the updated Red Hat Package Manager packages (RPMs), and JDS Release 2 without updated RPMs.

Last month, a hole found in how various OSes read common JPEG image files led to a flurry of activity as virus makers sought to make the most of it and anti-virus experts tried to prevent a huge infection.

The Xpm problem can result in a stack-based overflow in xpmParseColors, ParsePixels and ParseAndPutPixels.

In addition, an integer overflow can occur when allocating colorTable in xpmParseColors, which can cause a crash.
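The class of bug behind the colorTable allocation, as an added C example that is not libXpm's code and not part of the original article: a colour count read from the image header is multiplied by a record size, and the product is checked before it is used. The names `color_entry`, `MAX_CPP`, `unchecked_bytes`, `next_field` and `color_table_bytes` are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-colour record for illustration; not libXpm's own type. */
typedef struct { char *symbol; char *c_color; char *m_color; } color_entry;

#define MAX_CPP 16u /* assumed sanity cap on characters per pixel */

/* Unchecked size: the product wraps modulo SIZE_MAX + 1, so a huge count
 * from the file can turn into a tiny allocation request. */
size_t unchecked_bytes(size_t ncolors) { return ncolors * sizeof(color_entry); }

/* Read one unsigned decimal field; reject signs, junk and out-of-range values. */
static int next_field(const char **p, size_t *out) {
    char *end;
    while (**p == ' ' || **p == '\t') (*p)++;
    if (!isdigit((unsigned char)**p)) return -1;
    errno = 0;
    unsigned long long v = strtoull(*p, &end, 10);
    if (errno == ERANGE || v > SIZE_MAX) return -1;
    *out = (size_t)v;
    *p = end;
    return 0;
}

/* Validate an XPM values line "<width> <height> <ncolors> <cpp> ..." and
 * return the colour-table size in bytes, or 0 if the header is rejected. */
size_t color_table_bytes(const char *values) {
    size_t w, h, n, cpp;
    if (next_field(&values, &w) || next_field(&values, &h) ||
        next_field(&values, &n) || next_field(&values, &cpp)) return 0;
    if (w == 0 || h == 0 || n == 0 || cpp == 0 || cpp > MAX_CPP) return 0;
    if (n > SIZE_MAX / sizeof(color_entry)) return 0; /* product would wrap */
    return n * sizeof(color_entry);
}

int main(void) {
    /* Constructed header lines, not taken from any real image. */
    const char *samples[] = { "16 16 4 1", "16 16 768614336404564651 1", "16 16 -1 1" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-30s -> %zu bytes\n", samples[i], color_table_bytes(samples[i]));
    printf("unchecked wrap: %zu bytes\n",
           unchecked_bytes(SIZE_MAX / sizeof(color_entry) + 1));
    return 0;
}
```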

Sun Microsystems is still building a patch for the problem and has advised users to avoid loading X Pixmap (.xpm) images from untrusted sources in the meantime.

Laura Berrill writes for
