what you don't know can hurt you


Posted May 18, 1997

Vulnerability in ffbconfig

MD5 | ecfe83624988101045b5bd5ffb5bbf05


Change Mirror Download

From jericho@netcom.com Wed May 14 20:55:51 1997
Date: Wed, 14 May 1997 19:40:25 -0700 (PDT)
From: Disgruntled Customer <jericho@netcom.com>
To: jericho@dimensional.com
Subject: Sun Security Bulletin #00140 (fwd)

---------- Forwarded message ----------
Date: Wed, 14 May 1997 13:58:05 -0700
From: Sun Security Coordination Team <secure@sunsc.Eng.Sun.COM>
To: bugtraq@netspace.org
Subject: Sun Security Bulletin #00140


Sun Microsystems, Inc. Security Bulletin

Bulletin Number: #00140
Date: 14 May 1997
Cross-Ref: AUSCERT AA-97.06
Title: Vulnerability in ffbconfig

Permission is granted for the redistribution of this Bulletin, so long as
the Bulletin is not edited and is attributed to Sun Microsystems. Portions
may also be excerpted for re-use in other security advisories so long as
proper attribution is included.

Any other use of this information without the express written consent of
Sun Microsystems is prohibited. Sun Microsystems expressly disclaims all
liability for any misuse of this information by any third party.

1. Bulletins Topics

Sun announces the release of patches for Solaris 2.5.1 (SunOS 5.5.1) and
Solaris 2.5 (SunOS 5.5) that relate to vulnerabilities in the ffbconfig
program, which can result in root access if exploited.

Sun strongly recommends that you install these patches immediately on
every affected system. Exploitation information for ffbconfig is publicly

2. Who is Affected

Vulnerable: SunOS versions 5.5.1 and 5.5 SPARC running the Creator
FFB Graphics Accelerator.
See section 4. Understanding the Vulnerability, for a way
to test if a system is affected.

Not vulnerable: All other supported versions of SunOS

This vulnerability does not exist in the upcoming release of Solaris 2.6.

3. What to Do

Install the patches listed in 5.

4. Understanding the Vulnerability

The ffbconfig program configures the Creator Fast Frame Buffer (FFB)
Graphics Accelerator, which is part of the FFB Configuration Software
Package, SUNWffbcf. This software is used when the FFB Graphics accelerator
card is installed. Due to insufficient bounds checking on arguments, it is
possible to overwrite the internal stack space of the ffbconfig program.
If exploited, this vulnerability can be used to gain root access on
attacked systems.

To test if a system is vulnerable, run the following command to check for
the presence of SUNWffbcf package which is installed when the FFB Graphics
accelerator card is present:

/usr/bin/pkginfo -l SUNWffbcf

If it is not present, you will get an error message stating that SUNWffbcf
was not found. If it is present, ffbconfig is installed in /usr/sbin.

5. List of Patches

The vulnerability relating to ffbconfig is fixed by the following patches:

OS version Patch ID
---------- --------
SunOS 5.5.1 103796-09
SunOS 5.5 103076-09

The above-mentioned patches are listed in the Graphics section under
Unbundled Products at


6. Checksum Table

The checksum table below shows the BSD checksums (SunOS 5.x: /usr/ucb/sum),
SVR4 checksums (SunOS 5.x: /usr/bin/sum), and the MD5 digital signatures
for the above-mentioned patches that are available from:


These checksums may not apply if you obtain patches from your answer

File Name BSD SVR4 MD5
--------------- --------- --------- --------------------------------
103796-09.tar.Z 37854 2479 55959 4957 4994176B4C03215BD2707B87921C5096
103076-09.tar.Z 33438 2435 42064 4869 0A8AA3C106C4F09448220C1B0B714CD1


Sun acknowledges with thanks CERT/CC and AUSCERT for their assistance in the
preparation of this bulletin.

Sun, CERT/CC, and AUSCERT are members of FIRST, the Forum of Incident Response
and Security Teams. For more information about FIRST, visit the FIRST web site
at "http://www.first.org/".


A. Patches listed in this security bulletin are available to all Sun customers
via World Wide Web at:


Customers with Sun support contracts can also obtain patches from local
Sun answer centers and SunSITEs worldwide.

B. To report or inquire about a security problem with Sun software, contact
one or more of the following:

- Your local Sun answer centers
- Your representative computer security response team, such as CERT
- Sun Security Coordination Team. Send email to:


C. To receive information or subscribe to our CWS (Customer Warning System)
mailing list, send email to:


with a subject line (not body) containing one of the following commands:

Command Information Returned/Action Taken
------- ---------------------------------

HELP An explanation of how to get information

LIST A list of current security topics

QUERY [topic] The mail containing the question is relayed to
the Security Coordination Team for response.

REPORT [topic] The mail containing the text is treated as a
security report and forwarded to the Security
Coordination Team. We do not recommend that detailed
problem descriptions be sent in plain text.

SEND topic A short status summary or bulletin. For example, to
retrieve a Security Bulletin #00138, supply the
following in the subject line (not body):

SEND #138

SUBSCRIBE Sender is added to our mailing list. To subscribe,
supply the following in the subject line (not body):

SUBSCRIBE cws your-email-address

Note that your-email-address should be substituted
by your email address.

UNSUBSCRIBE Sender is removed from our mailing list.

Login or Register to add favorites

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By