1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
|
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200608-25">
<title>X.org and some X.org libraries: Local privilege escalations</title>
<synopsis>
X.org, libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm are vulnerable
to local privilege escalations because of unchecked setuid() calls.
</synopsis>
<product type="ebuild">xorg-x11,xorg-server,xtrans,xload,xinit,xterm,xf86dga,xdm,libX11</product>
<announced>August 28, 2006</announced>
<revised>December 13, 2006: 02</revised>
<bug>135974</bug>
<access>local</access>
<affected>
<package name="x11-apps/xdm" auto="yes" arch="*">
<unaffected range="ge">1.0.4-r1</unaffected>
<vulnerable range="lt">1.0.4-r1</vulnerable>
</package>
<package name="x11-apps/xinit" auto="yes" arch="*">
<unaffected range="ge">1.0.2-r6</unaffected>
<vulnerable range="lt">1.0.2-r6</vulnerable>
</package>
<package name="x11-apps/xload" auto="yes" arch="*">
<unaffected range="ge">1.0.1-r1</unaffected>
<vulnerable range="lt">1.0.1-r1</vulnerable>
</package>
<package name="x11-apps/xf86dga" auto="yes" arch="*">
<unaffected range="ge">1.0.1-r1</unaffected>
<vulnerable range="lt">1.0.1-r1</vulnerable>
</package>
<package name="x11-base/xorg-x11" auto="yes" arch="*">
<unaffected range="rge">6.8.2-r8</unaffected>
<unaffected range="ge">6.9.0-r2</unaffected>
<vulnerable range="lt">6.9.0-r2</vulnerable>
</package>
<package name="x11-base/xorg-server" auto="yes" arch="*">
<unaffected range="rge">1.0.2-r6</unaffected>
<unaffected range="ge">1.1.0-r1</unaffected>
<vulnerable range="lt">1.1.0-r1</vulnerable>
</package>
<package name="x11-libs/libx11" auto="yes" arch="*">
<unaffected range="ge">1.0.1-r1</unaffected>
<vulnerable range="lt">1.0.1-r1</vulnerable>
</package>
<package name="x11-libs/xtrans" auto="yes" arch="*">
<unaffected range="ge">1.0.0-r1</unaffected>
<vulnerable range="lt">1.0.0-r1</vulnerable>
</package>
<package name="x11-terms/xterm" auto="yes" arch="*">
<unaffected range="ge">215</unaffected>
<vulnerable range="lt">215</vulnerable>
</package>
<package name="app-emulation/emul-linux-x86-xlibs" auto="yes" arch="amd64">
<unaffected range="ge">7.0-r2</unaffected>
<vulnerable range="lt">7.0-r2</vulnerable>
</package>
</affected>
<background>
<p>
X.org is an implementation of the X Window System.
</p>
</background>
<description>
<p>
Several X.org libraries and X.org itself contain system calls to
set*uid() functions, without checking their result.
</p>
</description>
<impact type="high">
<p>
Local users could deliberately exceed their assigned resource limits
and elevate their privileges after an unsuccessful set*uid() system
call. This requires resource limits to be enabled on the machine.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All X.Org xdm users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xdm-1.0.4-r1"</code>
<p>
All X.Org xinit users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xinit-1.0.2-r6"</code>
<p>
All X.Org xload users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xload-1.0.1-r1"</code>
<p>
All X.Org xf86dga users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xf86dga-1.0.1-r1"</code>
<p>
All X.Org users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-x11-6.9.0-r2"</code>
<p>
All X.Org X servers users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.1.0-r1"</code>
<p>
All X.Org X11 library users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/libx11-1.0.1-r1"</code>
<p>
All X.Org xtrans library users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/xtrans-1.0.1-r1"</code>
<p>
All xterm users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/xterm-215"</code>
<p>
All users of the X11R6 libraries for emulation of 32bit x86 on amd64
should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-xlibs-7.0-r2"</code>
<p>
Please note that the fixed packages have been available for most
architectures since June 30th but the GLSA release was held up waiting
for the remaining architectures.
</p>
</resolution>
<references>
<uri link="http://lists.freedesktop.org/archives/xorg/2006-June/016146.html">X.Org security advisory</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4447">CVE-2006-4447</uri>
</references>
<metadata tag="requester" timestamp="Wed, 16 Aug 2006 08:09:58 +0000">
falco
</metadata>
<metadata tag="submitter" timestamp="Mon, 21 Aug 2006 15:45:11 +0000">
falco
</metadata>
<metadata tag="bugReady" timestamp="Wed, 23 Aug 2006 20:02:52 +0000">
falco
</metadata>
</glsa>
|
GitWeb