Vulnerability Bulletins |
Privilege escalation in Xorg |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Privilege escalation |
Difficulty | Beginner |
Required attacker level | Remote access with an account |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software |
XOrg 1.0.x X11R6.9.0 X11R7.0 |
Description |
|
A vulnerability has been discovered in X.Org server (xorg-server) 1.0.x, X11R6.9.0, and X11R7.0. The flaw is in "xf86Init.c", which uses the address of the "getuid" function as if it were the return value of a call to getuid. A local attacker could execute arbitrary code through the "-modulepath" command-line option or overwrite arbitrary files through the "-logfile" option. |
|
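The bug class described above, as an added example (not X.Org source code and not part of the original bulletin): a simplified option guard, assumed to honor the two options only when the queried id is non-zero, in its flawed and corrected forms. The names `id_query_fn`, `option_allowed_flawed`, `option_allowed_fixed` and the stand-in id functions are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Same signature as getuid(); injected so the guard can be tested without root. */
typedef uid_t (*id_query_fn)(void);

/* Constructed stand-ins for a privileged and an unprivileged process. */
static uid_t id_privileged(void)   { return 0; }
static uid_t id_unprivileged(void) { return 1000; }

/* The two command-line options the bulletin names. */
static bool is_sensitive_option(const char *arg)
{
    return strcmp(arg, "-modulepath") == 0 || strcmp(arg, "-logfile") == 0;
}

/* Flawed guard (assumed shape): the call parentheses are missing, so the
 * test is on the function's address. That address is never zero, so the
 * process always looks unprivileged and the option is always honored. */
static bool option_allowed_flawed(const char *arg, id_query_fn id_query)
{
    if (!is_sensitive_option(arg))
        return true;
    return id_query != 0;   /* address of the function, not its result */
}

/* Corrected guard: call the function and test the id it returns. */
static bool option_allowed_fixed(const char *arg, id_query_fn id_query)
{
    if (!is_sensitive_option(arg))
        return true;
    return id_query() != 0;
}

int main(void)
{
    printf("flawed, privileged:  %d\n", option_allowed_flawed("-modulepath", id_privileged));
    printf("fixed, privileged:   %d\n", option_allowed_fixed("-modulepath", id_privileged));
    printf("fixed, unprivileged: %d\n", option_allowed_fixed("-logfile", id_unprivileged));
    printf("fixed, real getuid:  %d\n", option_allowed_fixed("-logfile", getuid));
    return 0;
}
```

When the function is named directly in the condition (for example `getuid != 0`), GCC's `-Waddress`, which `-Wall` enables, reports that the comparison always evaluates as true.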
Solution |
|
Software update

Mandriva Mandrivalinux 2006

X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libxorg-x11-6.9.0-5.3.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libxorg-x11-devel-6.9.0-5.3.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libxorg-x11-static-devel-6.9.0-5.3.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/X11R6-contrib-6.9.0-5.3.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.3.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-6.9.0-5.3.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.3.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.3.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-doc-6.9.0-5.3.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.3.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-server-6.9.0-5.3.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-xauth-6.9.0-5.3.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.3.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-xfs-6.9.0-5.3.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.3.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.3.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.3.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/xorg-x11-6.9.0-5.3.20060mdk.src.rpm

X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64xorg-x11-6.9.0-5.3.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64xorg-x11-devel-6.9.0-5.3.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64xorg-x11-static-devel-6.9.0-5.3.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/X11R6-contrib-6.9.0-5.3.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.3.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-6.9.0-5.3.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.3.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.3.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-doc-6.9.0-5.3.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.3.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-server-6.9.0-5.3.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-xauth-6.9.0-5.3.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.3.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-xfs-6.9.0-5.3.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.3.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.3.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.3.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/xorg-x11-6.9.0-5.3.20060mdk.src.rpm

Sun Solaris 10 / x86
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118966-18-1

Suse Linux
Updates can be downloaded through YAST or from the official Suse Linux FTP server |
|
Standard resources |
|
Property | Value |
CVE | CVE-2006-0745 |
BID | 17169 |
Other resources |
|
Mandriva Security Advisory (MDKSA-2006:056)
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:056
Sun Alert Notification (102252)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1
SUSE Security Advisory (SUSE-SA:2006:016)
http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html |
Version history |
||
Version | Comments | Date |
1.0 | Advisory issued | 2006-03-21 |
1.1 | Advisory issued by Suse (SUSE-SA:2006:016) | 2006-03-22 |
1.2 | Advisory updated by Sun (102252) | 2006-03-29 |
2.0 | Public exploit available | 2006-04-19 |