Note: This is an archival copy of Security Sun Alert 228529 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1017429.1.
Article ID : 1017429.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-19
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Sun Linux 5.0 Security Vulnerabilities in XFree86 Packages



Category
Security

Release Phase
Resolved

Bug Id
4884367

Date of Resolved Release
25-JUL-2003

Vulnerabilities in XFree86 packages ...

1. Impact

Vulnerabilities in XFree86 packages may allow local or remote unauthorized users the ability to do the following:

1. xterm(1), provided as part of the XFree86 packages, provides an escape sequence for reporting the current window title. This escape sequence takes the current title and places it directly on the command line. An unauthorized local or remote user can create an escape sequence that sets the Xterm window title to an arbitrary command, and then reports it to the command line. Since it is not possible to embed a carriage return into the window title, the unauthorized user would then have to convince the user to press Enter for the shell to process the title as a command.

2. It is possible for a local or remote unauthorized user to lock up xterm(1) by sending an invalid "DEC UDK" escape sequence.

3. The xdm(1) display manager, with the "authComplain" set to false, allows unauthorized local or remote users to connect to the X server if the xdm(1) auth directory does not exist. (Reference the xdm manpages for the default values of authComplain and auth directory.)

4. A vulnerability in the "MIT-SHM" extension of the X server may allow local users to read and write shared memory.

5. The X server may set the "/dev/dri" directory permissions incorrectly. Since the "/dev/dri" is under the root filesystem and has world write permissions, local unprivileged users can create files in the root filesystem.

Please see the following CVE issues for more details:


2. Contributing Factors

This issue can occur in the following releases:

Sun Linux

  • Sun Linux 5.0 (LX50) with XFree86 packages prior to XFree86-4.1.0-49

3. Symptoms

Should the described issue occur, the following issues may be seen:

1. Xterm may lock up

2. "/dev/dri" access permissions show world writable

Note: The above are only predictable symptoms.


4. Workaround

There is no workaround. Please see the "Resolution" section below.


5. Resolution

These issues are addressed in the following packages:

Sun Linux 5.0

  • XFree86-100dpi-fonts-4.1.0-49.i386.rpm
  • XFree86-4.1.0-49.i386.rpm
  • XFree86-75dpi-fonts-4.1.0-49.i386.rpm
  • XFree86-ISO8859-15-100dpi-fonts-4.1.0-49.i386.rpm
  • XFree86-ISO8859-15-75dpi-fonts-4.1.0-49.i386.rpm
  • XFree86-ISO8859-2-100dpi-fonts-4.1.0-49.i386.rpm
  • XFree86-ISO8859-2-75dpi-fonts-4.1.0-49.i386.rpm
  • XFree86-ISO8859-9-100dpi-fonts-4.1.0-49.i386.rpm
  • XFree86-ISO8859-9-75dpi-fonts-4.1.0-49.i386.rpm
  • XFree86-Xnest-4.1.0-49.i386.rpm
  • XFree86-Xvfb-4.1.0-49.i386.rpm
  • XFree86-cyrillic-fonts-4.1.0-49.i386.rpm
  • XFree86-devel-4.1.0-49.i386.rpm
  • XFree86-doc-4.1.0-49.i386.rpm
  • XFree86-libs-4.1.0-49.i386.rpm
  • XFree86-tools-4.1.0-49.i386.rpm
  • XFree86-twm-4.1.0-49.i386.rpm
  • XFree86-xdm-4.1.0-49.i386.rpm
  • XFree86-xf86cfg-4.1.0-49.i386.rpm
  • XFree86-xfs-4.1.0-49.i386.rpm

SRPM

  • XFree86-4.1.0-49.src.rpm

The above XFree86 packages for Sun Linux 5.0 and SRPM are available at: http://sunsolve.sun.com/patches/linux/security.html


This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.

Copyright 2000-2010 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.


Product
Sun Linux 5.0
























Attachments
This solution has no attachment