Gentoo Logo

X.org and some X.org libraries: Local privilege escalations

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200608-25 / xorg-x11,xorg-server,xtrans,xload,xinit,xterm,xf86dga,xdm,libX11
Release Date August 28, 2006
Latest Revision December 13, 2006: 02
Impact high
Exploitable local
Package Vulnerable versions Unaffected versions Architecture(s)
x11-apps/xdm < 1.0.4-r1 >= 1.0.4-r1 All supported architectures
x11-apps/xinit < 1.0.2-r6 >= 1.0.2-r6 All supported architectures
x11-apps/xload < 1.0.1-r1 >= 1.0.1-r1 All supported architectures
x11-apps/xf86dga < 1.0.1-r1 >= 1.0.1-r1 All supported architectures
x11-base/xorg-x11 < 6.9.0-r2 revision >= 6.8.2-r8, >= 6.9.0-r2 All supported architectures
x11-base/xorg-server < 1.1.0-r1 revision >= 1.0.2-r6, >= 1.1.0-r1 All supported architectures
x11-libs/libx11 < 1.0.1-r1 >= 1.0.1-r1 All supported architectures
x11-libs/xtrans < 1.0.0-r1 >= 1.0.0-r1 All supported architectures
x11-terms/xterm < 215 >= 215 All supported architectures
app-emulation/emul-linux-x86-xlibs < 7.0-r2 >= 7.0-r2 AMD64

Related bugreports: #135974

Synopsis

X.org, libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm are vulnerable to local privilege escalations because of unchecked setuid() calls.

2.  Impact Information

Background

X.org is an implementation of the X Window System.

Description

Several X.org libraries and X.org itself contain system calls to set*uid() functions, without checking their result.

Impact

Local users could deliberately exceed their assigned resource limits and elevate their privileges after an unsuccessful set*uid() system call. This requires resource limits to be enabled on the machine.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All X.Org xdm users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xdm-1.0.4-r1"

All X.Org xinit users should upgrade to the latest version:

Code Listing 3.2: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xinit-1.0.2-r6"

All X.Org xload users should upgrade to the latest version:

Code Listing 3.3: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xload-1.0.1-r1"

All X.Org xf86dga users should upgrade to the latest version:

Code Listing 3.4: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xf86dga-1.0.1-r1"

All X.Org users should upgrade to the latest version:

Code Listing 3.5: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-x11-6.9.0-r2"

All X.Org X servers users should upgrade to the latest version:

Code Listing 3.6: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.1.0-r1"

All X.Org X11 library users should upgrade to the latest version:

Code Listing 3.7: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/libx11-1.0.1-r1"

All X.Org xtrans library users should upgrade to the latest version:

Code Listing 3.8: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/xtrans-1.0.1-r1"

All xterm users should upgrade to the latest version:

Code Listing 3.9: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/xterm-215"

All users of the X11R6 libraries for emulation of 32bit x86 on amd64 should upgrade to the latest version:

Code Listing 3.10: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-xlibs-7.0-r2"

Please note that the fixed packages have been available for most architectures since June 30th but the GLSA release was held up waiting for the remaining architectures.

4.  References



Print

Page updated August 28, 2006

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.