Gentoo Archives: gentoo-announce

From: Raphael Marichez <falco@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200608-25 ] X.org and some X.org libraries: Local privilege escalations
Date: Mon, 28 Aug 2006 17:17:09
Message-Id: 200608281853.58448@msgid.falco.bz
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200608-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: X.org and some X.org libraries: Local privilege escalations
Date: August 28, 2006
Bugs: #135974
ID: 200608-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

X.org, libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm are
vulnerable to local privilege escalations because of unchecked
setuid() calls.

Background
==========

X.org is an implementation of the X Window System.

Affected packages
=================

-------------------------------------------------------------------
     Package                           /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
  1  x11-apps/xdm                         < 1.0.4-r1     >= 1.0.4-r1
  2  x11-apps/xinit                       < 1.0.2-r6     >= 1.0.2-r6
  3  x11-apps/xload                       < 1.0.1-r1     >= 1.0.1-r1
  4  x11-apps/xf86dga                     < 1.0.1-r1     >= 1.0.1-r1
  5  x11-base/xorg-x11                    < 6.9.0-r2    *>= 6.8.2-r8
                                                         >= 6.9.0-r2
  6  x11-base/xorg-server                 < 1.1.0-r1    *>= 1.0.2-r6
                                                         >= 1.1.0-r1
  7  x11-libs/libx11                      < 1.0.1-r1     >= 1.0.1-r1
  8  x11-libs/xtrans                      < 1.0.0-r1     >= 1.0.0-r1
  9  x11-terms/xterm                      < 215          >= 215
 10  app-emulation/emul-linux-x86-xlibs   < 7.0-r2       >= 7.0-r2
-------------------------------------------------------------------
# Package 10 [app-emulation/emul-linux-x86-xlibs] only applies to
  AMD64 users.

NOTE: Any packages listed without architecture tags apply to all
  architectures...
-------------------------------------------------------------------
 10 affected packages
-------------------------------------------------------------------

Description
===========

Several X.org libraries and X.org itself call the set*uid() family of
system calls without checking their return value, so a failed call
leaves the program running with its original, privileged identity.

Impact
======

Local users could deliberately exceed their assigned resource limits
so that a set*uid() system call fails, and thereby elevate their
privileges. This requires resource limits to be enabled on the machine.
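
The following is an added example (not code from X.org or Gentoo) that puts the unchecked pattern this advisory describes beside the checked form; the function names and the EAGAIN stub that stands in for a setuid() call failing at a process limit are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* setuid() is passed as a function pointer so the failure path can be
 * exercised without hitting a real process limit. */
typedef int (*setuid_fn)(uid_t);

/* Constructed stand-in for the failure the advisory describes: the target
 * uid is at its process limit, the kernel refuses with EAGAIN and the
 * process identity does not change. */
int fake_setuid_eagain(uid_t target)
{
    (void)target;
    errno = EAGAIN;
    return -1;
}

/* The vulnerable pattern: the result of setuid() is discarded. Returns the
 * uid the caller *believes* it now runs as, which is simply `target`
 * whether or not the call succeeded. */
uid_t drop_privs_unchecked(uid_t target, setuid_fn do_setuid)
{
    do_setuid(target);      /* failure goes unnoticed */
    return target;
}

/* The fix: check the return value and re-read the identity from the
 * kernel. Returns 0 on success, -1 with errno set if privileges were not
 * dropped, so the caller can abort instead of carrying on as root. */
int drop_privs_checked(uid_t target, setuid_fn do_setuid)
{
    if (do_setuid(target) != 0)
        return -1;          /* EAGAIN/EPERM: still the old identity */
    if (getuid() != target || geteuid() != target) {
        errno = EPERM;      /* kernel disagrees: treat as failure */
        return -1;
    }
    return 0;
}

int main(void)
{
    printf("unchecked: believes uid %u, really uid %u\n",
           (unsigned)drop_privs_unchecked(65534, fake_setuid_eagain), (unsigned)getuid());
    if (drop_privs_checked(65534, fake_setuid_eagain) != 0)
        perror("checked: refusing to continue");
    return 0;
}
```

Passing the real setuid in place of the stub exercises the same check against the kernel.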

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All X.Org xdm users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xdm-1.0.4-r1"

All X.Org xinit users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xinit-1.0.2-r6"

All X.Org xload users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xload-1.0.1-r1"

All X.Org xf86dga users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xf86dga-1.0.1-r1"

All X.Org users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-x11-6.9.0-r2"

All X.Org X server users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.1.0-r1"

All X.Org X11 library users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/libx11-1.0.1-r1"

All X.Org xtrans library users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/xtrans-1.0.1-r1"

All xterm users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/xterm-215"

All users of the X11R6 libraries for emulation of 32-bit x86 on amd64
should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-xlibs-7.0-r2"

Please note that the fixed packages have been available for most
architectures since June 30th, but the GLSA release was held up waiting
for the remaining architectures.

References
==========

[ 1 ] X.Org security advisory
      http://lists.freedesktop.org/archives/xorg/2006-June/016146.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200608-25.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5