[gentoo-announce] [ GLSA 200806-07 ] X.Org X server: Multiple vulnerabilities - gentoo-announce

From:	Matthias Geerdsen <vorlon@g.o>
To:	gentoo-announce@g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200806-07 ] X.Org X server: Multiple vulnerabilities
Date:	Thu, 19 Jun 2008 18:06:28
Message-Id:	`485A9EC0.1090503@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200806-07

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                             http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

   Severity: High

8

      Title: X.Org X server: Multiple vulnerabilities

9

       Date: June 19, 2008

10

       Bugs: #225419

11

         ID: 200806-07

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been discovered in the X.Org X server,

19

possibly allowing for the remote execution of arbitrary code with root

20

privileges.

21

22

Background

23

==========

24

25

The X Window System is a graphical windowing system based on a

26

client/server model.

27

28

Affected packages

29

=================

30

31

     -------------------------------------------------------------------

32

      Package               /   Vulnerable   /               Unaffected

33

     -------------------------------------------------------------------

34

   1  x11-base/xorg-server     < 1.3.0.0-r6               >= 1.3.0.0-r6

35

36

Description

37

===========

38

39

Regenrecht reported multiple vulnerabilities in various X server

40

extensions via iDefense:

41

42

* The SProcSecurityGenerateAuthorization() and

43

   SProcRecordCreateContext() functions of the RECORD and Security

44

   extensions are lacking proper parameter validation (CVE-2008-1377).

45

46

* An integer overflow is possible in the function ShmPutImage() of

47

   the MIT-SHM extension (CVE-2008-1379).

48

49

* The RENDER extension contains several possible integer overflows in

50

   the AllocateGlyph() function (CVE-2008-2360) which could possibly

51

   lead to a heap-based buffer overflow. Further possible integer

52

   overflows have been found in the ProcRenderCreateCursor() function

53

   (CVE-2008-2361) as well as in the SProcRenderCreateLinearGradient(),

54

   SProcRenderCreateRadialGradient() and

55

   SProcRenderCreateConicalGradient() functions (CVE-2008-2362).

56

57

Impact

58

======

59

60

Exploitation of these vulnerabilities could possibly lead to the remote

61

execution of arbitrary code with root privileges, if the server is

62

running as root, which is the default. It is also possible to crash the

63

server by making use of these vulnerabilities.

64

65

Workaround

66

==========

67

68

It is possible to avoid these vulnerabilities by disabling the affected

69

server extensions. Therefore edit the configuration file

70

(/etc/X11/xorg.conf) to contain the following in the appropriate

71

places:

72

73

       Section "Extensions"

74

     	Option "MIT-SHM" "disable"

75

     	Option "RENDER" "disable"

76

     	Option "SECURITY" "disable"

77

       EndSection

78

79

       Section "Module"

80

        Disable "record"

81

       EndSection

82

83

Resolution

84

==========

85

86

All X.org X Server users should upgrade to the latest version:

87

88

     # emerge --sync

89

     # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.3.0.0-r6"

90

91

References

92

==========

93

94

   [ 1 ] CVE-2008-1377

95

         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377

96

   [ 2 ] CVE-2008-1379

97

         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379

98

   [ 3 ] CVE-2008-2360

99

         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360

100

   [ 4 ] CVE-2008-2361

101

         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361

102

   [ 5 ] CVE-2008-2362

103

         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362

104

105

Availability

106

============

107

108

This GLSA and any updates to it are available for viewing at

109

the Gentoo Security Website:

110

111

   http://security.gentoo.org/glsa/glsa-200806-07.xml

112

113

Concerns?

114

=========

115

116

Security is a primary focus of Gentoo Linux and ensuring the

117

confidentiality and security of our users machines is of utmost

118

importance to us. Any security concerns should be addressed to

119

security@g.o or alternatively, you may file a bug at

120

http://bugs.gentoo.org.

121

122

License

123

=======

124

125

Copyright 2008 Gentoo Foundation, Inc; referenced text

126

belongs to its owner(s).

127

128

The contents of this document are licensed under the

129

Creative Commons - Attribution / Share Alike license.

130

131

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200806-07
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: High
8	Title: X.Org X server: Multiple vulnerabilities
9	Date: June 19, 2008
10	Bugs: #225419
11	ID: 200806-07
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been discovered in the X.Org X server,
19	possibly allowing for the remote execution of arbitrary code with root
20	privileges.
21
22	Background
23	==========
24
25	The X Window System is a graphical windowing system based on a
26	client/server model.
27
28	Affected packages
29	=================
30
31	-------------------------------------------------------------------
32	Package / Vulnerable / Unaffected
33	-------------------------------------------------------------------
34	1 x11-base/xorg-server < 1.3.0.0-r6 >= 1.3.0.0-r6
35
36	Description
37	===========
38
39	Regenrecht reported multiple vulnerabilities in various X server
40	extensions via iDefense:
41
42	* The SProcSecurityGenerateAuthorization() and
43	SProcRecordCreateContext() functions of the RECORD and Security
44	extensions are lacking proper parameter validation (CVE-2008-1377).
45
46	* An integer overflow is possible in the function ShmPutImage() of
47	the MIT-SHM extension (CVE-2008-1379).
48
49	* The RENDER extension contains several possible integer overflows in
50	the AllocateGlyph() function (CVE-2008-2360) which could possibly
51	lead to a heap-based buffer overflow. Further possible integer
52	overflows have been found in the ProcRenderCreateCursor() function
53	(CVE-2008-2361) as well as in the SProcRenderCreateLinearGradient(),
54	SProcRenderCreateRadialGradient() and
55	SProcRenderCreateConicalGradient() functions (CVE-2008-2362).
56
57	Impact
58	======
59
60	Exploitation of these vulnerabilities could possibly lead to the remote
61	execution of arbitrary code with root privileges, if the server is
62	running as root, which is the default. It is also possible to crash the
63	server by making use of these vulnerabilities.
64
65	Workaround
66	==========
67
68	It is possible to avoid these vulnerabilities by disabling the affected
69	server extensions. Therefore edit the configuration file
70	(/etc/X11/xorg.conf) to contain the following in the appropriate
71	places:
72
73	Section "Extensions"
74	Option "MIT-SHM" "disable"
75	Option "RENDER" "disable"
76	Option "SECURITY" "disable"
77	EndSection
78
79	Section "Module"
80	Disable "record"
81	EndSection
82
83	Resolution
84	==========
85
86	All X.org X Server users should upgrade to the latest version:
87
88	# emerge --sync
89	# emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.3.0.0-r6"
90
91	References
92	==========
93
94	[ 1 ] CVE-2008-1377
95	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377
96	[ 2 ] CVE-2008-1379
97	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379
98	[ 3 ] CVE-2008-2360
99	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360
100	[ 4 ] CVE-2008-2361
101	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361
102	[ 5 ] CVE-2008-2362
103	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362
104
105	Availability
106	============
107
108	This GLSA and any updates to it are available for viewing at
109	the Gentoo Security Website:
110
111	http://security.gentoo.org/glsa/glsa-200806-07.xml
112
113	Concerns?
114	=========
115
116	Security is a primary focus of Gentoo Linux and ensuring the
117	confidentiality and security of our users machines is of utmost
118	importance to us. Any security concerns should be addressed to
119	security@g.o or alternatively, you may file a bug at
120	http://bugs.gentoo.org.
121
122	License
123	=======
124
125	Copyright 2008 Gentoo Foundation, Inc; referenced text
126	belongs to its owner(s).
127
128	The contents of this document are licensed under the
129	Creative Commons - Attribution / Share Alike license.
130
131	http://creativecommons.org/licenses/by-sa/2.5