SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Xlib Vendors:   XFree86 Project
XFree86 Xlib (libX11.so) Library Path Specification Bug May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1005266
SecurityTracker URL:  http://securitytracker.com/id/1005266
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Sep 21 2002
Impact:   Execution of arbitrary code via local system, Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.2.0 and prior versions
Description:   A vulnerability has been reported in the XFree86 Xlib library. A local user could load and execute arbitrary code with elevated privileges, possibly including root privileges.

It is reported that the libX11.so library will dynamically load other libraries using a user-supplied pathname (specified in LD_PRELOAD), even when linked against set user id (setuid) programs. Because of this, a local user can supply an alternate pathname to cause arbitrary code to be executed with setuid privileges, possibly including root privileges.

Impact:   A local user could execute arbitrary code with elevated privileges.
Solution:   The vendor has released a fixed version (4.2.1), available at:

http://www.xfree86.org/#currentrel

Vendor URL:  www.xfree86.org/security/ (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(SuSE Issues Fix) XFree86 Xlib (libX11.so) Library Path Specification Bug May Let Local Users Gain Elevated Privileges
SuSE has released a fix.



 Source Message Contents

Subject:  XFree86 Xlib Bug


A vulnerability has been reported in the XFree86 Xlib library.  A local
user could possibly load and execute arbitrary code with elevated
privileges.

According to SuSE, the libX11.so library will dynamically load other
libraries using a user-supplied pathname, even when linked against set
user id (setuid) programs.  Because of this, a local user can supply an
alternate pathname to cause arbitrary code to be executed with setuid
privileges, possibly including root privileges.

-------------------------

  XFree86 4.2.1 
  by Tushar (http://freshmeat.net/users/tusharteredesai/)
  Friday, September 20th 2002 13:30

Desktop Environment

About: XFree86 is a freely redistributable implementation of the X
Window System that runs on UNIX(R) and UNIX-like operating systems.

Changes: A zlib bug that may have security implications on some
platforms has been fixed. MIT-SHM has been updated to not access SHM
segments that the client doesn't have sufficient privileges to access.
An Xlib problem that made it possible to load (and executure) arbitrary
code in privileged clients has been fixed. This release is available
only in the form of a patch to version 4.2.0.

License: OSI Approved

URL: http://freshmeat.net/projects/xfree86/


--------------

Also from http://www.xfree86.org/security/

# 4.2.1:

* Fix a zlib bug that may have security implication on some platforms.
* MIT-SHM update to not access SHM segments that the client doesn't have
sufficient privileges to access.
* Fix an Xlib problem that made it possible to load (and executure)
arbitrary code in privileged clients


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC