[GRLUG] [mdlug] critical vulnerability in the X Window System
Raymond McLaughlin
driveray at ameritech.net
Wed May 3 15:03:33 EDT 2006
Raymond McLaughlin wrote:
> <http://www.eweek.com/article2/0,1895,1956652,00.asp>
>
> "It could be exploited to allow local users to execute code with root
> privileges, giving them the ability to overwrite system files or initiate
> denial-of-service attacks."
>
> Highly plausible because X itself runs with root privileges
>
> From the article: "...the flaw resulted from a missing parenthesis on a
> small piece of the program that checked the ID of the user." I'm
> surprised it compiled. The compiler should have at least given a warning
> message.
>
> The article also says "The flaw, which affects X11R6.9.0 and X11R7.0.0,
> was fixed within a week of its discovery,... " but doesn't give a
> discovery date. Anyone seen an update in any distro to fix this? I ran
> SuSE online update for the first time in over a week, and saw no mention
> of X and authentication.
>
> Mildly concerned
> Raymond McLaughlin
Dan Pritts wrote:
> On Wed, May 03, 2006 at 02:28:38PM -0400, Raymond McLaughlin wrote:
>> Highly plausible because X itself runs with root privileges
>
> Which always struck me as a stupid idea.
>
> I believe OpenBSD has done some work to do privilege separation
> for X much like they did with ssh.
>
>> date. Anyone seen an update in any distro to fix this? I ran SuSE online
>> update for the first time in over a week, and saw no mention of X and
>> authentication.
>
> I saw an update announcement from OpenBSD shortly after the one
> from x.org. No Linux distros yet to my knowledge.
>
> danno
>
Secunia lists this as having a (SuSE) vendor patch, with links to RPMs for SuSE
9.2, 9.3, and 10.
<http://secunia.com/advisories/19921/>
I guess the patches haven't made it to the mirrors yet.
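
The missing-parenthesis flaw quoted from the article above, modelled in C as an added example (not part of the original message and not X.org's code). It assumes the check compares real and effective user IDs; the function names and uid values are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical stand-ins for the real and effective uid lookups, so the
 * example can model a setuid-root binary without being installed as one. */
static uid_t model_ruid, model_euid;
static uid_t real_uid(void) { return model_ruid; }
static uid_t effective_uid(void) { return model_euid; }

/* Flawed form: "effective_uid" without "()" is the function's address.
 * That address is never null, so the right-hand side is always true and
 * the check passes for every caller. It is valid C, so it compiles; a
 * compiler reports at most a warning (gcc -Wall: -Waddress). */
int privileged_option_allowed_flawed(void)
{
    return real_uid() == 0 || effective_uid != 0;
}

/* Corrected form: the function is called and its result is compared. */
int privileged_option_allowed_fixed(void)
{
    return real_uid() == 0 || effective_uid() != 0;
}

/* Set the modelled ids and evaluate one of the two checks. */
int check_as(uid_t ruid, uid_t euid, int (*check)(void))
{
    model_ruid = ruid;
    model_euid = euid;
    return check();
}

int main(void)
{
    /* Constructed cases: ordinary user running a setuid-root binary,
     * root itself, and an ordinary user running a non-setuid binary. */
    struct { const char *who; uid_t ruid, euid; } cases[] = {
        { "user, setuid-root binary", 1000, 0 },
        { "root",                        0, 0 },
        { "user, non-setuid binary",  1000, 1000 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-26s flawed=%d fixed=%d\n", cases[i].who,
               check_as(cases[i].ruid, cases[i].euid, privileged_option_allowed_flawed),
               check_as(cases[i].ruid, cases[i].euid, privileged_option_allowed_fixed));
    return 0;
}
```

Building with warnings promoted to errors (`-Wall -Werror`) turns this class of mistake into a build failure.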