8221023 2002-03-29 11:35 -0800 /264 lines/ <security@caldera.com>
Sent by: joel@lysator.liu.se
Imported: 2002-03-31 21:48 by Brevbäraren
External recipient: bugtraq@securityfocus.com
External recipient: announce@lists.caldera.com
External recipient: security-alerts@linuxsecurity.com
Recipient: Bugtraq (import) <21645>
Subject: Security Update: [CSSA-2002-009.0] Linux: X server allows access to any shared memory on the system
------------------------------------------------------------
From: security@caldera.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com,
security-alerts@linuxsecurity.com
Message-ID: <20020329113556.H25454@caldera.com>
______________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: Linux: X server allows access to any shared memory on the system
Advisory number: CSSA-2002-009.0
Issue date: 2002, March 15
Cross reference:
______________________________________________________________________________
1. Problem Description
Any user with local X access can exploit the MIT-SHM extension and
gain read/write access to any shared memory segment on the system.
2. Vulnerable Supported Versions
System                        Package
-----------------------------------------------------------
OpenLinux Server 3.1          All packages previous to XFree86-4.1-12
OpenLinux Workstation 3.1     All packages previous to XFree86-4.1-12
OpenLinux Server 3.1.1        All packages previous to XFree86-4.1-12
OpenLinux Workstation 3.1.1   All packages previous to XFree86-4.1-12
3. Solution
Workaround
none
The proper solution is to upgrade to the latest packages.
4. OpenLinux 3.1 Server
4.1 Location of Fixed Packages
The 3.1 version of this package is not yet available. An
updated advisory will be published when the package is
released.
5. OpenLinux 3.1 Workstation
5.1 Location of Fixed Packages
The 3.1 version of this package is not yet available. An
updated advisory will be published when the package is
released.
6. OpenLinux 3.1.1 Server
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS
6.2 Verification
6.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh XFree86-4.1-12.i386.rpm \
XFree86-addons-4.1-12.i386.rpm \
XFree86-config-eg-4.1-12.i386.rpm \
XFree86-contrib-4.1-12.i386.rpm \
XFree86-devel-4.1-12.i386.rpm \
XFree86-devel-prof-4.1-12.i386.rpm \
XFree86-devel-static-4.1-12.i386.rpm \
XFree86-fonts-100dpi-4.1-12.i386.rpm \
XFree86-fonts-4.1-12.i386.rpm \
XFree86-fonts-75dpi-4.1-12.i386.rpm \
XFree86-fonts-cyrillic-4.1-12.i386.rpm \
XFree86-fonts-extra-4.1-12.i386.rpm \
XFree86-fonts-scale-4.1-12.i386.rpm \
XFree86-fonts-speedo-4.1-12.i386.rpm \
XFree86-fontserver-4.1-12.i386.rpm \
XFree86-imake-4.1-12.i386.rpm \
XFree86-libs-4.1-12.i386.rpm \
XFree86-misc-4.1-12.i386.rpm \
XFree86-pex-4.1-12.i386.rpm \
XFree86-programs-4.1-12.i386.rpm \
XFree86-server-4.1-12.i386.rpm \
XFree86-setup-4.1-12.i386.rpm \
XFree86-twm-4.1-12.i386.rpm \
XFree86-xdm-4.1-12.i386.rpm \
XFree86-Xnest-4.1-12.i386.rpm \
XFree86-Xprt-4.1-12.i386.rpm \
XFree86-xsm-4.1-12.i386.rpm \
XFree86-xterm-4.1-12.i386.rpm \
XFree86-Xvfb-4.1-12.i386.rpm
7. OpenLinux 3.1.1 Workstation
7.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS
7.2 Verification
7.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh XFree86-4.1-12.i386.rpm \
XFree86-addons-4.1-12.i386.rpm \
XFree86-config-eg-4.1-12.i386.rpm \
XFree86-contrib-4.1-12.i386.rpm \
XFree86-devel-4.1-12.i386.rpm \
XFree86-devel-prof-4.1-12.i386.rpm \
XFree86-devel-static-4.1-12.i386.rpm \
XFree86-fonts-100dpi-4.1-12.i386.rpm \
XFree86-fonts-4.1-12.i386.rpm \
XFree86-fonts-75dpi-4.1-12.i386.rpm \
XFree86-fonts-cyrillic-4.1-12.i386.rpm \
XFree86-fonts-extra-4.1-12.i386.rpm \
XFree86-fonts-scale-4.1-12.i386.rpm \
XFree86-fonts-speedo-4.1-12.i386.rpm \
XFree86-fontserver-4.1-12.i386.rpm \
XFree86-imake-4.1-12.i386.rpm \
XFree86-libs-4.1-12.i386.rpm \
XFree86-misc-4.1-12.i386.rpm \
XFree86-pex-4.1-12.i386.rpm \
XFree86-programs-4.1-12.i386.rpm \
XFree86-server-4.1-12.i386.rpm \
XFree86-setup-4.1-12.i386.rpm \
XFree86-twm-4.1-12.i386.rpm \
XFree86-xdm-4.1-12.i386.rpm \
XFree86-Xnest-4.1-12.i386.rpm \
XFree86-Xprt-4.1-12.i386.rpm \
XFree86-xsm-4.1-12.i386.rpm \
XFree86-xterm-4.1-12.i386.rpm \
XFree86-Xvfb-4.1-12.i386.rpm
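An added check, not part of the Caldera advisory, that an administrator can run before and after the rpm -Fvh upgrade in sections 6.3 and 7.3: it reads rpm -qa output in NAME VERSION RELEASE form and flags every installed XFree86 package older than the fixed build 4.1-12. The sample input is constructed to stand in for a real rpm query, and the comparison assumes numeric, dot-separated version and release components.

```shell
#!/bin/sh
# Added example, not from the advisory: flag installed XFree86 packages older
# than the fixed build XFree86-4.1-12. Assumes numeric dotted VERSION/RELEASE.
FIXED_VERSION=4.1
FIXED_RELEASE=12

# vercmp A B: print -1, 0 or 1 as dotted numeric string A is <, = or > B.
vercmp() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax=${a%%.*}; bx=${b%%.*}               # leading component of each
        [ "$a" = "$ax" ] && a='' || a=${a#*.}  # drop it (or finish)
        [ "$b" = "$bx" ] && b='' || b=${b#*.}
        ax=${ax:-0}; bx=${bx:-0}               # so 4.1 equals 4.1.0
        if [ "$ax" -lt "$bx" ]; then printf '%s\n' -1; return; fi
        if [ "$ax" -gt "$bx" ]; then printf '%s\n' 1; return; fi
    done
    printf '%s\n' 0
}

# needs_update VERSION RELEASE: exit 0 when VERSION-RELEASE predates the fix.
needs_update() {
    case $(vercmp "$1" "$FIXED_VERSION") in
        -1) return 0 ;;
        1)  return 1 ;;
    esac
    [ "$(vercmp "$2" "$FIXED_RELEASE")" = -1 ]
}

# audit_lines: read "NAME VERSION RELEASE" lines on stdin, as produced by
#   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'
# and print each XFree86 package that still needs the update.
audit_lines() {
    while read -r name version release; do
        case $name in XFree86*) ;; *) continue ;; esac
        if needs_update "$version" "$release"; then
            printf '%s-%s-%s needs upgrade to %s-%s-%s\n' \
                "$name" "$version" "$release" \
                "$name" "$FIXED_VERSION" "$FIXED_RELEASE"
        fi
    done
}

# Constructed sample standing in for real rpm -qa output on a 3.1.1 system.
SAMPLE='XFree86-libs 4.1 11
XFree86-server 4.1 12
XFree86-xterm 4.0.3 7
kernel 2.4.13 2'
printf '%s\n' "$SAMPLE" | audit_lines
```

On a live system replace the constructed SAMPLE with the rpm query named in the comment; an empty result means every XFree86 package is at or past 4.1-12.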
8. References
Specific references for this advisory:
none
Caldera OpenLinux security resources:
http://www.caldera.com/support/security/index.html
Caldera UNIX security resources:
http://stage.caldera.com/support/security/
This security fix closes Caldera incidents sr860891, fz520231,
erg711969.
9. Disclaimer
Caldera International, Inc. is not responsible for the misuse of
any of the information we provide on this website and/or through
our security advisories. Our advisories are a service to our
customers intended to promote secure installation and use of
Caldera International products.
10. Acknowledgements
Roberto Zunino discovered and researched this vulnerability.
______________________________________________________________________________
(8221023) / <security@caldera.com>/-------(Rewrapped)
Attachment (application/pgp-signature) in text 8221024
8221024 2002-03-29 11:35 -0800 /10 lines/ <security@caldera.com>
Imported: 2002-03-31 21:48 by Brevbäraren
External recipient: bugtraq@securityfocus.com
External recipient: announce@lists.caldera.com
External recipient: security-alerts@linuxsecurity.com
Recipient: Bugtraq (import) <21646>
Attachment (text/plain) to text 8221023
Subject: Attachment to: Security Update: [CSSA-2002-009.0] Linux: X server allows access to any shared memory on the system
------------------------------------------------------------
(8221024) / <security@caldera.com>/-----------------