(HP Issues Fix) X Server Bugs in XFree86, Xinput, TOG-CUP, MIT-SHM, and EVI Extensions Let Local Users Gain Root Privileges - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > X

(HP Issues Fix) X Server Bugs in XFree86, Xinput, TOG-CUP, MIT-SHM, and EVI Extensions Let Local Users Gain Root Privileges

SecurityTracker Alert ID: 1021134

SecurityTracker URL: http://securitytracker.com/id/1021134

CVE Reference: CVE-2007-5958, CVE-2007-6427, CVE-2007-6429, CVE-2008-0006 (Links to External Site)

Date: Nov 4 2008

Impact: Disclosure of system information, Disclosure of user information, Root access via local system

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 7.3

Description: Several vulnerabilities were reported in X. A local user can obtain root privileges on the target system. A local user can determine whether certain files or directories exist on the target system.

A local user can exploit any of several memory corruption errors in the X server to execute arbitrary code with the privileges of the target X server (typically root level privileges).

A local user can supply a specially PassMessage request to cause an out-of-bounds array index error and trigger a pointer dereference in the XFree86 Misc extension [CVE-2007-5760].

A local user can supply a certain type of command ('X :1 -sp <file>') specifying an arbitrary file or directory to identify whether the specified file exists in access-restricted directories based on the error message returned by the system [CVE-2007-5958].

A local user can trigger a heap corruption error in the Xinput extension [CVE-2007-6427].

A local user can read arbitrary memory contents by exploiting the ProcGetReservedColormapEntries() function in the TOG-CUP extension [CVE-2007-6428].

A local user can supply a specially crafted request to trigger an integer overflow in the pixmap creation process in the MIT-SHM and EVI extensions [CVE-2007-6429].

A local user can supply a specially crafted PCF font to trigger a buffer overflow [CVE-2008-0006].

regenrecht reported CVE-2007-5760, CVE-2007-6427, CVE-2007-6428, and CVE-2007-6429 via iDefense. Takuya Shiozaki of CodeBlog reported CVE-2008-0006. An anonymous researcher reported CVE-2007-5859.

Impact: A local user can obtain root privileges on the target system.

A local user can determine whether files or directories exist on the target system.

Solution: HP has issued a fix for CVE-2007-5958, CVE-2007-6427, CVE-2007-6429, and CVE-2008-0006 for HP-UX.

The HP advisory is available at:

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321

Vendor URL: lists.freedesktop.org/archives/xorg/2008-January/031918.html (Links to External Site)

Cause: Access control error, Boundary error

Underlying OS: UNIX (HP/UX)

Message History: This archive entry is a follow-up to the message listed below.

X Server Bugs in XFree86, Xinput, TOG-CUP, MIT-SHM, and EVI Extensions Let Local Users Gain Root Privileges

Source Message Contents

Date: Tue, 4 Nov 2008 08:28:28 -0500
Subject: HPSBUX02381 SSRT080083 rev.1 - HP-UX Running Xserver, Remote Execution of Arbitrary Code



http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321

CVE-2007-5958, CVE-2007-6427, CVE-2007-6429, CVE-2008-0006, CVE-2008-1377, CVE-2008-1379

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC