Linuxtrent: Fwd: [SECURITY] [DSA-030-1] Multiple security problems in X
- From: Mario Torre <mario.torre@xxxxxxxxxxxx>
- To: linuxtrent@xxxxxxxxxxxxxxxxx
- Date: Wed, 14 Feb 2001 10:12:34 +0100
Qualcuno aveva chiesto notizie sugli aggiornamenti di X per debian (e
presumibilmente per altre distribuzioni).
Ho trovato questo annuncio su bugtraq, forse puo' essere utile!
Ciao, Mario (ogni tanto mi faccio risentire! :)
---------- Forwarded Message ----------
Subject: [SECURITY] [DSA-030-1] Multiple security problems in X
Date: Mon, 12 Feb 2001 10:10:30 -0700
From: debian-security-announce@xxxxxxxxxxxxxxxx
To: BUGTRAQ@xxxxxxxxxxxxxxxxx
-----BEGIN PGP SIGNED MESSAGE-----
- ------------------------------------------------------------------------
Debian Security Advisory DSA-030-1 security@xxxxxxxxxx
http://www.debian.org/security/ Wichert Akkerman
February 12, 2001
- ------------------------------------------------------------------------
Package : xfree86-1
Vulnerability : buffer overflow, insecure tempfile handling,
denial-of-service attack
Debian-specific: no
Chris Evans, Joseph S. Myers, Michal Zalewski, Alan Cox, and others have
noted a number of problems in several components of the X Window System
sample implementation (from which XFree86 is derived). While there are no
known reports of real-world malicious exploits of any of these problems, it
is nevertheless suggested that you upgrade your XFree86 packages
immediately.
The scope of this advisory is XFree86 3.3.6 only, since that is the version
released with Debian GNU/Linux 2.2 ("potato"); Debian packages of XFree86
4.0 and later have not been released as part of a Debian distribution.
Several people are responsible for authoring the fixes to these problems,
including Aaron Campbell, Paulo Cesar Pereira de Andrade, Keith Packard,
David Dawes, Matthieu Herrb, Trevor Johnson, Colin Phipps, and Branden
Robinson.
- - The X servers are vulnerable to a denial-of-service attack during
XC-SECURITY protocol negotiation.
Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2
- - X clients based on Xlib (which is most of them) are subject to potential
buffer overflows in the _XReply() and _XAsyncReply() functions if they
connect to a maliciously-coded X server that places bogus data in its X
protocol replies.
NOTE: This is only an effective attack against X clients running with
elevated privileges (setuid or setgid programs), and offers potential
access only to the elevated privilege. For instance, the most common
setuid X client is probably xterm. On many Unix systems, xterm is setuid
root; in Debian 2.2, xterm is only setgid utmp, which means that an
effective exploit is limited to corruption of the lastlog, utmp, and wtmp
files -- *not* general root access. Also note that the attacker must
already have sufficient privileges to start such an X client and
successfully connect to the X server.
Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2
- - There is a buffer overflow (not stack-based) in xdm's XDMCP code.
Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2
- - There is a one-byte overflow in Xtrans.c.
Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2
- - Xtranssock.c is also subject to buffer overflow problems.
Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2
- - There is a buffer overflow with the -xkbmap X server flag.
Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2
- - The MultiSrc widget in the Athena widget library handle temporary files
insecurely.
Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2
- - The imake program handles temporary files insecurely when executing
install rules.
Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2
- - The ICE library is subject to buffer overflow attacks.
Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2
- - The xauth program handles temporary files insecurely.
Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2
- - The XauLock() function in the Xau library handles temporary files
insecurely.
Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2
- - The gccmakedep and makedepend programs handle temporary files insecurely.
Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2
All of the above issues are resolved by this security release.
There are several other XFree86 security issues commonly discussed in
conjunction with the above, to which an up-to-date Debian 2.2 system is
*NOT* vulnerable:
- - There are 4 distinct problems with Xlib's XOpenDisplay() function in
which a maliciously coded X server could cause a denial-of-service attack
or buffer overflow. As before, this is only an effective attack against
X clients running with elevated privileges, and the attacker must already
have sufficient privileges to start such an X client and successfully
connect to the X server. Debian 2.2 and 2.2r1 are only vulnerable to one
of these problems, because we applied patches to XFree86 3.3.6 to correct
the other three. An additional patch applied for Debian 2.2r2 corrected
the fourth.
Vulnerable: Debian 2.2, Debian 2.2r1
- - The AsciiSrc widget in the Athena widget library handles temporary files
insecurely. Debian 2.2r2 is not vulnerable to this problem because we
applied a patch to correct it.
Vulnerable: Debian 2.2, Debian 2.2r1
- - The imake program uses mktemp() instead of mkstemp(). This problem does
not exist in XFree86 3.3.6, and therefore no release of Debian 2.2 is
affected.
These problems have been fixed in version 3.3.6-11potato32 and we recommand
that you upgrade your X packages immediately.
[...]
--
To UNSUBSCRIBE, email to debian-security-announce-request@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
-------------------------------------------------------
--
--=*=--=*=--=*=--=*=--=*=--=*=--=*=--=*=--
http://frinemusic.8m.com
http://antartica.sourceforge.net
http://digilander.iol.it/linuxlabs
--=*=--=*=--=*=--=*=--=*=--=*=--=*=--=*=--
--
Per iscriversi (o disiscriversi), basta spedire un messaggio con SOGGETTO
"subscribe" (o "unsubscribe") a mailto:linuxtrent-request@xxxxxxxxxxxxxxxxx
Other related posts:
- » Linuxtrent: Fwd: [SECURITY] [DSA-030-1] Multiple security problems in X