[GRLUG] [mdlug] critical vulnerability in the X Window System

Raymond McLaughlin driveray at ameritech.net
Wed May 3 15:03:33 EDT 2006


Raymond McLaughlin wrote:
> <http://www.eweek.com/article2/0,1895,1956652,00.asp>
> 
> "It could be exploited to allow local users to execute code with root
> privileges, giving them the ability to overwrite system files or initiate
> denial-of-service attacks."
> 
> Highly plausible because X itself runs with root privileges
> 
> From the article: "...the flaw resulted from a missing parenthesis on a
> small piece of the program that checked the ID of the user." I'm 
> surprised it compiled. The compiler should have at least given a warning 
> message.
> 
> The article also says "The flaw, which affects X11R6.9.0 and X11R7.0.0, 
> was fixed within a week of its discovery,... " but doesn't give a 
> discovery date. Anyone seen an update in any distro to fix this? I ran 
> SuSE online update for the first time in over a week, and saw no mention 
> of X and authentication.
> 
> Mildly concerned
> Raymond McLaughlin

Dan Pritts wrote:
 > On Wed, May 03, 2006 at 02:28:38PM -0400, Raymond McLaughlin wrote:
 >> Highly plausible because X itself runs with root privileges
 >
 > Which always struck me as a stupid idea.
 >
 > I believe OpenBSD has done some work to do privilege separation
 > for X much like they did with ssh.
 >
 >> date. Anyone seen an update in any distro to fix this? I ran SuSE online
 >> update for the first time in over a week, and saw no mention of X and
 >> authentication.
 >
 > I saw an update announcement from OpenBSD shortly after the one
 > from x.org.  No Linux distros yet to my knowledge.
 >
 > danno

Secunia lists this as having a (SuSE) vendor patch, with links to RPMs for SuSE
9.2, 9.3, and 10.

<http://secunia.com/advisories/19921/>

I guess the patches haven't made it to the mirrors yet.
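
Added example, not part of the original post and not X.Org's code: a C sketch of how a user-ID check can lose its call parentheses and still compile, because a bare function name is a valid (never-null) pointer. The uid stand-ins, the option name and the guard's shape are assumptions made for illustration; the actual source line is not quoted in this thread.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-ins for getuid()/geteuid() so the outcome is deterministic. */
static uid_t sim_ruid, sim_euid;
static uid_t sim_getuid(void)  { return sim_ruid; }
static uid_t sim_geteuid(void) { return sim_euid; }
void set_identity(uid_t ruid, uid_t euid) { sim_ruid = ruid; sim_euid = euid; }

/* Hypothetical restricted option; the name is not taken from the X server. */
static int is_restricted(const char *opt)
{
    return strcmp(opt, "-privileged-path") == 0;
}

/* BUGGY: "sim_geteuid" without "()" is the function's address, which is
 * never null, so "== 0" is always false and the guard never rejects. */
int option_allowed_buggy(const char *opt)
{
    if (is_restricted(opt) && sim_getuid() != 0 && sim_geteuid == 0)
        return 0;   /* unreachable in practice */
    return 1;
}

/* FIXED: the call parentheses are present, so the effective uid is tested. */
int option_allowed_fixed(const char *opt)
{
    if (is_restricted(opt) && sim_getuid() != 0 && sim_geteuid() == 0)
        return 0;   /* setuid-root process started by a non-root user */
    return 1;
}

int main(void)
{
    set_identity(1000, 0);  /* constructed case: real uid 1000, effective uid 0 */
    printf("buggy guard allows: %d\n", option_allowed_buggy("-privileged-path"));
    printf("fixed guard allows: %d\n", option_allowed_fixed("-privileged-path"));
    return 0;
}
```

Current GCC reports the buggy comparison under -Waddress, which -Wall enables.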