SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   xpcd Vendors:   Knorr, Gerd
xpcd Buffer Overflow in HOME Environment Variable May Yield Root Privileges to Local Users
SecurityTracker Alert ID:  1007442
SecurityTracker URL:  http://securitytracker.com/id/1007442
CVE Reference:   CAN-2003-0649   (Links to External Site)
Updated:  Jun 1 2004
Original Entry Date:  Aug 9 2003
Impact:   Execution of arbitrary code via local system, Root access via local system, User access via local system

Version(s): 2.08
Description:   A buffer overflow vulnerability was reported in xpcd-svga. A local user can execute arbitrary code, potentially with root privileges.

It is reported that a local user can supply a specially crafted, long value for the HOME environment variable to trigger the overflow. Arbitrary code can reportedly be executed (with root privileges on some systems).

Steve Kemp is credited with reporting this flaw.

[Editor's note: An exploit by r-code (Elite FXP Team) was posted in June 2003. The exploit notes that xpcd is not normally configured with set user id (setuid) privileges. However, Debian reports that xpcd-svga may yield root privilieges on Debian.]
Impact:   A local user can execute arbitrary code with the privileges of xpcd, which may be root privileges on some systems.
Solution:   No upstream solution was available at the time of this entry.

[Editor's note: Debian is releasing a fix for Debian Linux. A separate Alert will be issued regarding the Debian fix -- see the Message History.]
Vendor URL:  bytesex.org/index.html (Links to External Site)
Cause:   Boundary error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 9 2003 (Debian Issues Fix) xpcd Buffer Overflow in HOME Environment Variable May Yield Root Privileges to Local Users   (Matt Zimmerman <mdz@debian.org>)
Debian has released a fix.
Jun 1 2004 (Mandrake Issues Fix) xpcd Buffer Overflow in HOME Environment Variable May Yield Root Privileges to Local Users   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.


 Source Message Contents
Date:  Sat, 09 Aug 2003 00:34:24 -0400
Subject:  xpcd


CVE: CAN-2003-0649

Debian reported that Steve Kemp discovered a buffer overflow in xpcd-svga.  A specially 
crafted, long value for the HOME environment variable can trigger the overflow and execute 
arbitrary code with root privileges.

Version: 2.08

http://bytesex.org/index.html


[Editor's note:  An exploit by r-code (Elite FXP Team) was posted in July 2003.  The 
exploit notes that xpcd is not normally configured with set user id (setuid) privileges. 
However, Debian reports that xpcd-svga may yield root privilieges on Debian.]


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC