[gentoo-announce] [ GLSA 200805-03 ] Multiple X11 terminals: Local privilege escalation - gentoo-announce

From:	Tobias Heinlein <keytoaster@g.o>
To:	gentoo-announce@g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200805-03 ] Multiple X11 terminals: Local privilege escalation
Date:	Wed, 07 May 2008 18:59:31
Message-Id:	`4821FB67.7070904@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200805-03

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: Normal

8

     Title: Multiple X11 terminals: Local privilege escalation

9

      Date: May 07, 2008

10

      Bugs: #216833, #217819, #219746, #219750, #219754, #219760, #219762

11

        ID: 200805-03

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

A vulnerability was found in aterm, Eterm, Mrxvt, multi-aterm, RXVT,

19

rxvt-unicode, and wterm, allowing for local privilege escalation.

20

21

Background

22

==========

23

24

Aterm, Eterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are X11

25

terminal emulators.

26

27

Affected packages

28

=================

29

30

    -------------------------------------------------------------------

31

     Package                 /   Vulnerable   /             Unaffected

32

    -------------------------------------------------------------------

33

  1  x11-terms/aterm             < 1.0.1-r1                >= 1.0.1-r1

34

  2  x11-terms/eterm             < 0.9.4-r1                >= 0.9.4-r1

35

  3  x11-terms/mrxvt             < 0.5.3-r2                >= 0.5.3-r2

36

  4  x11-terms/multi-aterm       < 0.2.1-r1                >= 0.2.1-r1

37

  5  x11-terms/rxvt              < 2.7.10-r4              >= 2.7.10-r4

38

  6  x11-terms/rxvt-unicode       < 9.02-r1                 >= 9.02-r1

39

  7  x11-terms/wterm             < 6.2.9-r3                >= 6.2.9-r3

40

    -------------------------------------------------------------------

41

     7 affected packages on all of their supported architectures.

42

    -------------------------------------------------------------------

43

44

Description

45

===========

46

47

Bernhard R. Link discovered that Eterm opens a terminal on :0 if the

48

"-display" option is not specified and the DISPLAY environment variable

49

is not set. Further research by the Gentoo Security Team has shown that

50

aterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are also

51

affected.

52

53

Impact

54

======

55

56

A local attacker could exploit this vulnerability to hijack X11

57

terminals of other users.

58

59

Workaround

60

==========

61

62

There is no known workaround at this time.

63

64

Resolution

65

==========

66

67

All aterm users should upgrade to the latest version:

68

69

    # emerge --sync

70

    # emerge --ask --oneshot --verbose ">=x11-terms/aterm-1.0.1-r1"

71

72

All Eterm users should upgrade to the latest version:

73

74

    # emerge --sync

75

    # emerge --ask --oneshot --verbose ">=x11-terms/eterm-0.9.4-r1"

76

77

All Mrxvt users should upgrade to the latest version:

78

79

    # emerge --sync

80

    # emerge --ask --oneshot --verbose ">=x11-terms/mrxvt-0.5.3-r2"

81

82

All multi-aterm users should upgrade to the latest version:

83

84

    # emerge --sync

85

    # emerge --ask --oneshot --verbose ">=x11-terms/multi-aterm-0.2.1-r1"

86

87

All RXVT users should upgrade to the latest version:

88

89

    # emerge --sync

90

    # emerge --ask --oneshot --verbose ">=x11-terms/rxvt-2.7.10-r4"

91

92

All rxvt-unicode users should upgrade to the latest version:

93

94

    # emerge --sync

95

    # emerge --ask --oneshot --verbose ">=x11-terms/rxvt-unicode-9.02-r1"

96

97

All wterm users should upgrade to the latest version:

98

99

    # emerge --sync

100

    # emerge --ask --oneshot --verbose ">=x11-terms/wterm-6.2.9-r3"

101

102

References

103

==========

104

105

  [ 1 ] CVE-2008-1142

106

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1142

107

  [ 2 ] CVE-2008-1692

108

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1692

109

110

Availability

111

============

112

113

This GLSA and any updates to it are available for viewing at

114

the Gentoo Security Website:

115

116

  http://security.gentoo.org/glsa/glsa-200805-03.xml

117

118

Concerns?

119

=========

120

121

Security is a primary focus of Gentoo Linux and ensuring the

122

confidentiality and security of our users machines is of utmost

123

importance to us. Any security concerns should be addressed to

124

security@g.o or alternatively, you may file a bug at

125

http://bugs.gentoo.org.

126

127

License

128

=======

129

130

Copyright 2008 Gentoo Foundation, Inc; referenced text

131

belongs to its owner(s).

132

133

The contents of this document are licensed under the

134

Creative Commons - Attribution / Share Alike license.

135

136

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200805-03
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: Multiple X11 terminals: Local privilege escalation
9	Date: May 07, 2008
10	Bugs: #216833, #217819, #219746, #219750, #219754, #219760, #219762
11	ID: 200805-03
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	A vulnerability was found in aterm, Eterm, Mrxvt, multi-aterm, RXVT,
19	rxvt-unicode, and wterm, allowing for local privilege escalation.
20
21	Background
22	==========
23
24	Aterm, Eterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are X11
25	terminal emulators.
26
27	Affected packages
28	=================
29
30	-------------------------------------------------------------------
31	Package / Vulnerable / Unaffected
32	-------------------------------------------------------------------
33	1 x11-terms/aterm < 1.0.1-r1 >= 1.0.1-r1
34	2 x11-terms/eterm < 0.9.4-r1 >= 0.9.4-r1
35	3 x11-terms/mrxvt < 0.5.3-r2 >= 0.5.3-r2
36	4 x11-terms/multi-aterm < 0.2.1-r1 >= 0.2.1-r1
37	5 x11-terms/rxvt < 2.7.10-r4 >= 2.7.10-r4
38	6 x11-terms/rxvt-unicode < 9.02-r1 >= 9.02-r1
39	7 x11-terms/wterm < 6.2.9-r3 >= 6.2.9-r3
40	-------------------------------------------------------------------
41	7 affected packages on all of their supported architectures.
42	-------------------------------------------------------------------
43
44	Description
45	===========
46
47	Bernhard R. Link discovered that Eterm opens a terminal on :0 if the
48	"-display" option is not specified and the DISPLAY environment variable
49	is not set. Further research by the Gentoo Security Team has shown that
50	aterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are also
51	affected.
52
53	Impact
54	======
55
56	A local attacker could exploit this vulnerability to hijack X11
57	terminals of other users.
58
59	Workaround
60	==========
61
62	There is no known workaround at this time.
63
64	Resolution
65	==========
66
67	All aterm users should upgrade to the latest version:
68
69	# emerge --sync
70	# emerge --ask --oneshot --verbose ">=x11-terms/aterm-1.0.1-r1"
71
72	All Eterm users should upgrade to the latest version:
73
74	# emerge --sync
75	# emerge --ask --oneshot --verbose ">=x11-terms/eterm-0.9.4-r1"
76
77	All Mrxvt users should upgrade to the latest version:
78
79	# emerge --sync
80	# emerge --ask --oneshot --verbose ">=x11-terms/mrxvt-0.5.3-r2"
81
82	All multi-aterm users should upgrade to the latest version:
83
84	# emerge --sync
85	# emerge --ask --oneshot --verbose ">=x11-terms/multi-aterm-0.2.1-r1"
86
87	All RXVT users should upgrade to the latest version:
88
89	# emerge --sync
90	# emerge --ask --oneshot --verbose ">=x11-terms/rxvt-2.7.10-r4"
91
92	All rxvt-unicode users should upgrade to the latest version:
93
94	# emerge --sync
95	# emerge --ask --oneshot --verbose ">=x11-terms/rxvt-unicode-9.02-r1"
96
97	All wterm users should upgrade to the latest version:
98
99	# emerge --sync
100	# emerge --ask --oneshot --verbose ">=x11-terms/wterm-6.2.9-r3"
101
102	References
103	==========
104
105	[ 1 ] CVE-2008-1142
106	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1142
107	[ 2 ] CVE-2008-1692
108	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1692
109
110	Availability
111	============
112
113	This GLSA and any updates to it are available for viewing at
114	the Gentoo Security Website:
115
116	http://security.gentoo.org/glsa/glsa-200805-03.xml
117
118	Concerns?
119	=========
120
121	Security is a primary focus of Gentoo Linux and ensuring the
122	confidentiality and security of our users machines is of utmost
123	importance to us. Any security concerns should be addressed to
124	security@g.o or alternatively, you may file a bug at
125	http://bugs.gentoo.org.
126
127	License
128	=======
129
130	Copyright 2008 Gentoo Foundation, Inc; referenced text
131	belongs to its owner(s).
132
133	The contents of this document are licensed under the
134	Creative Commons - Attribution / Share Alike license.
135
136	http://creativecommons.org/licenses/by-sa/2.5