Xdm May Let Local Users View the Error Log Files of a Target User
|
|
SecurityTracker Alert ID: 1017015
|
|
SecurityTracker URL: http://securitytracker.com/id?1017015
|
|
CVE Reference: CVE-2006-5215
(Links to External Site)
|
Updated: Dec 17 2006
|
Original Entry Date: Oct 9 2006
|
Impact: Disclosure of system information, Disclosure of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Description: A vulnerability was reported in xdm. A local user may be able to view error logs of other users.
A local user can exploit a race condition in the setting of file access permissions on the xdm error log file ($HOME/.xsession-errors)
to read the error log file of a target user.
A local user can also exploit a race condition in the setting of file access permissions
on the alternate xdm error log file (${TMP-/tmp}/xses-$USER) to read the error log file of a target user.
Steven Bellovin reported
these vulnerabilities.
The original reports are available at:
http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32804
http://www.netbsd.org/cgi-bin/query-pr-
single.pl?number=32805
|
Impact: A local user may be able to view the error log file of other users.
|
Solution: A fix for the freedesktop.org implementation is available via CVS.
|
Cause: Access control error, State error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Mon, 9 Oct 2006 08:34:49 -0400
Subject: xdm vulnerabilities
|
bug 5897:
A local unprivileged user may be able to view the xdm(1) error log file,
$HOME/.xsession-errors, of another user.
https://bugs.freedesktop.org/show_bug.cgi?id=5897
bug 5898:
A local unprivileged user may be able to view the alternate xdm(1) error log file,
${TMP-/tmp}/xses-$USER, of another user. This alternate log file is only used if the
$HOME/.xsession-errors file could not be created (BugID 6388471).
https://bugs.freedesktop.org/show_bug.cgi?id=5898
|
|
