TechTarget

Solaris security suffers image problem

A highly critical security hole has been reported in the X Pixmap (libXpm) technology shipped with Solaris and JDS for Linux,...

A highly critical security hole has been reported in the X Pixmap (libXpm) technology shipped with Solaris and JDS for Linux, which could allow someone to run code on your system if a modified X Pixmmap (.xpm) image is loaded.

The problem affects any machine running the X-Windows system, including most Linux distributions and most commercial Unix implantations including IBM AIX, the Solaris Common Desktop Environment (CDE), Java Desktop Service for Linux and Sun Java Desktop.

Platforms affected by the hole are Sparc Solaris 7, 8 and 9, x86 Solaris 7, 8 and 9 and Linux Sun Java Desktop System (JDS) 2003 without the updated Redhat Package Manager (RPMs) and JDS Release 2 without updated RPMs.

Last month, a hole found in how various OSes read common Jpeg image files, lead to a flurry of activity as virus makers sought to make the most of it and anti-virus experts tried to prevent a huge infection.

The Xpm problem can result in a stack-based overflow in xpmParseColors, ParsePixels and ParseAndPutPixels.

As well as this, an integer overflow can be experienced when allocating colorTable in xpmParseColors - which can cause a crash.

Sun Microsystems is still building a patch to the problem and advised users to avoid loading X PixMap (.xmp) images from untrusted sources in the meantime.

Laura Berrill writes for Techworld.com

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close