[GRLUG] critical vulnerability in the X Window System

Roberto Villarreal rvillarreal at mktec.com
Wed May 3 15:07:36 EDT 2006

I read about this on slashdot, and from reading from the comments, it appears 
that the article writer used the wrong word... should have been "parentheses" 
(note the plurality).  From what I read, the code read:

if (getuid() == 0 || geteuid != 0) 

where it should have read:

if (getuid() == 0 || geteuid() != 0)

The posters claimed (I have not verified this) that gcc does not issue a 
warning, even with -Wall.

As to your actual question... I don't know :-)


On Wednesday 03 May 2006 2:28 pm, Raymond McLaughlin wrote:
> <http://www.eweek.com/article2/0,1895,1956652,00.asp>
> "It could be exploited to allow local users to execute code with root
> privileges, giving them the ability to overwrite system files or initiate
> denial-of-service attacks."
> Highly plausible because X itself runs with root privileges
>  From the article: "...the flaw resulted from a missing parenthesis on a
> small piece of the program that checked the ID of the user." I'm surprised
> it compiled. The compiler should have at least given a warning message.
> The article also says "The flaw, which affects X11R6.9.0 and X11R7.0.0, was
> fixed within a week of its discovery,... " but doesn't give a discovery
> date. Anyone seen an update in any distro to fix this? I ran SuSE online
> update for the first time in over a week, and saw no mention of X and
> authentication.
> Mildly concerned
> Raymond McLaughlin
> _______________________________________________
> grlug mailing list
> grlug at grlug.org
> http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug

More information about the grlug mailing list