Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200608-25 ] X.org and some X.org libraries: Local privilege escalations
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Veteran
Veteran


Joined: 12 May 2004
Posts: 1581

PostPosted: Mon Aug 28, 2006 5:26 pm    Post subject: [ GLSA 200608-25 ] X.org and some X.org libraries: Local pri Reply with quote

Gentoo Linux Security Advisory

Title: X.org and some X.org libraries: Local privilege escalations (GLSA 200608-25)
Severity: high
Exploitable: local
Date: August 28, 2006
Updated: December 13, 2006
Bug(s): #135974
ID: 200608-25

Synopsis

X.org, libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm are vulnerable to local privilege escalations because of unchecked setuid() calls.

Background

X.org is an implementation of the X Window System.

Affected Packages

Package: x11-apps/xdm
Vulnerable: < 1.0.4-r1
Unaffected: >= 1.0.4-r1
Architectures: All supported architectures

Package: x11-apps/xinit
Vulnerable: < 1.0.2-r6
Unaffected: >= 1.0.2-r6
Architectures: All supported architectures

Package: x11-apps/xload
Vulnerable: < 1.0.1-r1
Unaffected: >= 1.0.1-r1
Architectures: All supported architectures

Package: x11-apps/xf86dga
Vulnerable: < 1.0.1-r1
Unaffected: >= 1.0.1-r1
Architectures: All supported architectures

Package: x11-base/xorg-x11
Vulnerable: < 6.9.0-r2
Unaffected: >= 6.8.2-r8 < 6.8.3
Unaffected: >= 6.9.0-r2
Architectures: All supported architectures

Package: x11-base/xorg-server
Vulnerable: < 1.1.0-r1
Unaffected: >= 1.0.2-r6 < 1.0.3
Unaffected: >= 1.1.0-r1
Architectures: All supported architectures

Package: x11-libs/libx11
Vulnerable: < 1.0.1-r1
Unaffected: >= 1.0.1-r1
Architectures: All supported architectures

Package: x11-libs/xtrans
Vulnerable: < 1.0.0-r1
Unaffected: >= 1.0.0-r1
Architectures: All supported architectures

Package: x11-terms/xterm
Vulnerable: < 215
Unaffected: >= 215
Architectures: All supported architectures

Package: app-emulation/emul-linux-x86-xlibs
Vulnerable: < 7.0-r2
Unaffected: >= 7.0-r2
Architectures: amd64


Description

Several X.org libraries and X.org itself contain system calls to set*uid() functions, without checking their result.

Impact

Local users could deliberately exceed their assigned resource limits and elevate their privileges after an unsuccessful set*uid() system call. This requires resource limits to be enabled on the machine.

Workaround

There is no known workaround at this time.

Resolution

All X.Org xdm users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xdm-1.0.4-r1"
All X.Org xinit users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xinit-1.0.2-r6"
All X.Org xload users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xload-1.0.1-r1"
All X.Org xf86dga users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xf86dga-1.0.1-r1"
All X.Org users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-x11-6.9.0-r2"
All X.Org X servers users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.1.0-r1"
All X.Org X11 library users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/libx11-1.0.1-r1"
All X.Org xtrans library users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/xtrans-1.0.1-r1"
All xterm users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/xterm-215"
All users of the X11R6 libraries for emulation of 32bit x86 on amd64 should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-xlibs-7.0-r2"
Please note that the fixed packages have been available for most architectures since June 30th but the GLSA release was held up waiting for the remaining architectures.

References

X.Org security advisory
CVE-2006-4447


Last edited by GLSA on Thu Dec 14, 2006 4:18 am; edited 2 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum