X.org and some X.org libraries: Local privilege escalations
1. Gentoo Linux Security Advisory
Version Information
| Advisory Reference | GLSA 200608-25 / xorg-x11, xorg-server, xtrans, xload, xinit, xterm, xf86dga, xdm, libX11 |
| Release Date | August 28, 2006 |
| Latest Revision | December 13, 2006: 02 |
| Impact | high |
| Exploitable | local |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
|---|---|---|---|
| x11-apps/xdm | < 1.0.4-r1 | >= 1.0.4-r1 | All supported architectures |
| x11-apps/xinit | < 1.0.2-r6 | >= 1.0.2-r6 | All supported architectures |
| x11-apps/xload | < 1.0.1-r1 | >= 1.0.1-r1 | All supported architectures |
| x11-apps/xf86dga | < 1.0.1-r1 | >= 1.0.1-r1 | All supported architectures |
| x11-base/xorg-x11 | < 6.9.0-r2 | revision >= 6.8.2-r8, >= 6.9.0-r2 | All supported architectures |
| x11-base/xorg-server | < 1.1.0-r1 | revision >= 1.0.2-r6, >= 1.1.0-r1 | All supported architectures |
| x11-libs/libx11 | < 1.0.1-r1 | >= 1.0.1-r1 | All supported architectures |
| x11-libs/xtrans | < 1.0.0-r1 | >= 1.0.0-r1 | All supported architectures |
| x11-terms/xterm | < 215 | >= 215 | All supported architectures |
| app-emulation/emul-linux-x86-xlibs | < 7.0-r2 | >= 7.0-r2 | AMD64 |
Related bug reports: #135974
Synopsis
X.org, libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm are vulnerable
to local privilege escalations because of unchecked setuid() calls.
2. Impact Information
Background
X.org is an implementation of the X Window System.
Description
Several X.org libraries, and X.org itself, call the set*uid() family of
system calls without checking their return value.
Impact
Local users could deliberately exceed their assigned resource limits so
that a set*uid() system call fails, and then elevate their privileges
because the calling program carries on as if the call had succeeded.
This requires resource limits to be enabled on the machine.
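The pattern behind this advisory, as an added illustration (not code from X.org, Gentoo, or any of the affected packages; the function names are hypothetical): a privilege drop that discards the result of setgid()/setuid() next to one that checks every return value and then re-reads the credentials. On Linux, setuid() to an unprivileged target can fail with EAGAIN when that user is already at the RLIMIT_NPROC process limit, which is the resource-limit failure the advisory refers to; a program that ignores the result keeps its elevated uid and continues.

```c
/*
 * Added illustration for GLSA 200608-25, not code from X.org or Gentoo.
 * Function names (drop_privileges_unchecked, drop_privileges_checked,
 * still_privileged) are hypothetical.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Vulnerable pattern: the results of setgid()/setuid() are never tested.
 * If setuid() fails (for example EAGAIN because the target uid is at its
 * RLIMIT_NPROC limit), the process silently keeps its elevated uid and
 * the caller has no way of knowing. */
static void drop_privileges_unchecked(uid_t uid, gid_t gid)
{
    int rc;
    rc = setgid(gid);
    rc = setuid(uid);   /* rc is overwritten and never examined */
    (void)rc;
}

/* Hardened version: every call is checked, gid is dropped before uid
 * (after setuid() an unprivileged process can no longer change gid), and
 * the resulting ids are re-read so a failed drop cannot be mistaken for a
 * successful one. Returns 0 on success, -1 on failure with errno set. */
static int drop_privileges_checked(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0) {
        fprintf(stderr, "setgid(%lu) failed: %s\n",
                (unsigned long)gid, strerror(errno));
        return -1;
    }
    if (setuid(uid) != 0) {
        fprintf(stderr, "setuid(%lu) failed: %s\n",
                (unsigned long)uid, strerror(errno));
        return -1;
    }
    /* Verify the kernel actually applied the change. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Returns 1 if the process still holds root in its real or effective uid,
 * 0 otherwise. A caller should refuse to continue with privileged work
 * if this is still 1 after an attempted drop. */
static int still_privileged(void)
{
    return getuid() == 0 || geteuid() == 0;
}

int main(void)
{
    /* Stand-alone demo: drop to the caller's own ids, which always
     * succeeds, and report the outcome. */
    if (drop_privileges_checked(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop failed: %s\n", strerror(errno));
        return 1;
    }
    printf("dropped to uid=%lu gid=%lu, still_privileged=%d\n",
           (unsigned long)getuid(), (unsigned long)getgid(),
           still_privileged());
    return 0;
}
```

The fix shipped for the affected packages is the same idea in the second function: test the return of each set*uid() call and abort rather than proceed with the privileges that were supposed to have been given up.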
3. Resolution Information
Workaround
There is no known workaround at this time.
Resolution
All X.Org xdm users should upgrade to the latest version:
Code Listing 3.1: Resolution
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-apps/xdm-1.0.4-r1"
All X.Org xinit users should upgrade to the latest version:
Code Listing 3.2: Resolution
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-apps/xinit-1.0.2-r6"
All X.Org xload users should upgrade to the latest version:
Code Listing 3.3: Resolution
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-apps/xload-1.0.1-r1"
All X.Org xf86dga users should upgrade to the latest version:
Code Listing 3.4: Resolution
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-apps/xf86dga-1.0.1-r1"
All X.Org users should upgrade to the latest version:
Code Listing 3.5: Resolution
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-base/xorg-x11-6.9.0-r2"
All X.Org X server users should upgrade to the latest version:
Code Listing 3.6: Resolution
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.1.0-r1"
All X.Org X11 library users should upgrade to the latest version:
Code Listing 3.7: Resolution
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/libx11-1.0.1-r1"
All X.Org xtrans library users should upgrade to the latest version:
Code Listing 3.8: Resolution
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/xtrans-1.0.1-r1"
All xterm users should upgrade to the latest version:
Code Listing 3.9: Resolution
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-terms/xterm-215"
All users of the X11R6 libraries for emulation of 32-bit x86 on amd64
should upgrade to the latest version:
Code Listing 3.10: Resolution
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-xlibs-7.0-r2"
Please note that the fixed packages have been available for most
architectures since June 30th, but the GLSA release was held up waiting
for the remaining architectures.
4. References