[GRLUG] critical vulnerability in the X Window System

Roberto Villarreal rvillarreal at mktec.com
Wed May 3 15:07:36 EDT 2006


I read about this on Slashdot, and from reading the comments, it appears 
that the article writer used the wrong word... should have been "parentheses" 
(note the plurality).  From what I read, the code read:

if (getuid() == 0 || geteuid != 0) 

where it should have read:

if (getuid() == 0 || geteuid() != 0)

The posters claimed (I have not verified this) that gcc does not issue a 
warning, even with -Wall.

As to your actual question... I don't know :-)

Roberto

On Wednesday 03 May 2006 2:28 pm, Raymond McLaughlin wrote:
> <http://www.eweek.com/article2/0,1895,1956652,00.asp>
>
> "It could be exploited to allow local users to execute code with root
> privileges, giving them the ability to overwrite system files or initiate
> denial-of-service attacks."
>
> Highly plausible because X itself runs with root privileges
>
>  From the article: "...the flaw resulted from a missing parenthesis on a
> small piece of the program that checked the ID of the user." I'm surprised
> it compiled. The compiler should have at least given a warning message.
>
> The article also says "The flaw, which affects X11R6.9.0 and X11R7.0.0, was
> fixed within a week of its discovery,... " but doesn't give a discovery
> date. Anyone seen an update in any distro to fix this? I ran SuSE online
> update for the first time in over a week, and saw no mention of X and
> authentication.
>
> Mildly concerned
> Raymond McLaughlin
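The difference between the two conditions quoted in the message above, as an added example that is not part of the original post or the X.Org source. The stub functions, the `uid_fn` type and the UID values are constructed for illustration, and the UID functions are passed as pointers so each case can be exercised without root.

```c
#include <stdio.h>
#include <sys/types.h>

/* Constructed stand-ins for getuid()/geteuid() so every case can be set
 * without being root; names and values are assumptions of this example. */
static uid_t fake_uid, fake_euid;
static uid_t stub_getuid(void)  { return fake_uid; }
static uid_t stub_geteuid(void) { return fake_euid; }

typedef uid_t (*uid_fn)(void);

/* Buggy form from the post: geteuid without "()" is the function's
 * address, which is never null, so the right-hand side is always true. */
static int check_buggy(uid_fn getuid_f, uid_fn geteuid_f)
{
    return getuid_f() == 0 || geteuid_f != 0;
}

/* Fixed form: the effective UID is actually read and compared. */
static int check_fixed(uid_fn getuid_f, uid_fn geteuid_f)
{
    return getuid_f() == 0 || geteuid_f() != 0;
}

/* Evaluate one check for a given (real uid, effective uid) pair. */
static int run_case(int (*check)(uid_fn, uid_fn), uid_t uid, uid_t euid)
{
    fake_uid = uid;
    fake_euid = euid;
    return check(stub_getuid, stub_geteuid);
}

int main(void)
{
    /* Constructed cases: root, an ordinary user, and an ordinary user
     * whose process has effective UID 0 (the set-uid-root situation). */
    static const uid_t cases[][2] = { {0, 0}, {1000, 1000}, {1000, 0} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("uid=%u euid=%u buggy=%d fixed=%d\n",
               (unsigned)cases[i][0], (unsigned)cases[i][1],
               run_case(check_buggy, cases[i][0], cases[i][1]),
               run_case(check_fixed, cases[i][0], cases[i][1]));
    return 0;
}
```

Only the last case differs: the fixed check is false for a non-root user running with effective UID 0, while the buggy check is true for every input. Current GCC releases report the direct `geteuid != 0` form under -Waddress, which -Wall enables.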