Vulnerability Bulletins

int(2264)

Vulnerability Bulletins

Aumento de privilegios en Xorg
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Aumento de privilegios
Dificulty	Principiante
Required attacker level	Acceso remoto con cuenta
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	XOrg 1.0.x X11R6.9.0 X11R7.0
Description
Se ha descubierto una vulnerabilidad en X.Org server (xorg-server) 1.0.x, X11R6.9.0, y X11R7.0. La vulnerabilidad reside en "xf86Init.c" que utiliza la dirección de la función "getuid" como si fuera el valor de retorno de una llamada a getuid. Un atacante local podría ejecutar código arbitrario mediante la opción de línea de comandos "-modulepath" o sobrescribir ficheros arbitrarios mediante la opción "-logfile".
Solution
Actualización de software Mandriva Mandrivalinux 2006 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libxorg-x11-6.9.0-5.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libxorg-x11-devel-6.9.0-5.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libxorg-x11-static-devel-6.9.0-5.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/X11R6-contrib-6.9.0-5.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-6.9.0-5.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-doc-6.9.0-5.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-server-6.9.0-5.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-xauth-6.9.0-5.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-xfs-6.9.0-5.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.3.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/xorg-x11-6.9.0-5.3.20060mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64xorg-x11-6.9.0-5.3.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64xorg-x11-devel-6.9.0-5.3.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64xorg-x11-static-devel-6.9.0-5.3.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/X11R6-contrib-6.9.0-5.3.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.3.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-6.9.0-5.3.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.3.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.3.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-doc-6.9.0-5.3.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.3.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-server-6.9.0-5.3.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-xauth-6.9.0-5.3.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.3.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-xfs-6.9.0-5.3.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.3.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.3.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.3.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/xorg-x11-6.9.0-5.3.20060mdk.src.rpm Sun Solaris 10 / x86 http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118966-18-1 Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux
Standar resources
Property	Value
CVE	CVE-2006-0745
BID	17169
Other resources
Mandriva Security Advisory (MDKSA-2006:056) http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:056 Sun Alert Notification (102252) http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1 SUSE Security Advisory (SUSE-SA:2006:016) http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html

Version history
Version	Comments	Date
1.0	Aviso emitido	2006-03-21
1.1	Aviso emitido por Suse (SUSE-SA:2006:016)	2006-03-22
1.2	Aviso actualizado por Sun (102252)	2006-03-29
2.0	Exploit público disponible	2006-04-19

Vulnerability Bulletins

Aumento de privilegios en Xorg

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history