[CVE-2006-0745] X.Org potential privilege elevation and DoS

From: Matthieu Herrb (matthieu.herrblaas.fr)
Date: Mon Mar 20 2006 - 13:46:23 CST


Hi,

The vulnerability in X.Org 6.9 presented in this recent advisory:
<http://lists.freedesktop.org/archives/xorg/2006-March/013992.html>
partially applies to OpenBSD-current.

The impact of the vulnerability is limited on OpenBSD thanks to the
privilege separation code in the X server. Elevating the privileges is
not directly possible as presented in the advisory, since the code in
the loaded module will be executed by the unprivileged user. Overwriting
system files with -logfile is still possible.

The fix will be present in OpenBSD 3.9, and is included in binary
snapshots since March 10. If you're using a snapshot built between
January and March 10, I recommend that you upgrade at least xserv39.tgz.

If you're building X from sources, update your sources, and make sure
that you have at least
XF4/xc/programs/Xserver/hw/xfree86/common/xf86Init.c revision 1.14.

OpenBSD 3.8 and 3.7 are not affected.
--
Matthieu Herrb