[sec-adv] XBlockOut "-display" Privilege Escalation Vulnerability
From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Wed Jul 09 2003 - 03:37:11 CDT
TITLE:
XBlockOut "-display" Privilege Escalation Vulnerability
READ ONLINE:
http://www.secunia.com/advisories/9213/
CRITICAL:
Not critical
IMPACT:
Privilege escalation
WHERE:
Local system
OPERATING SYSTEM:
Debian GNU/Linux 3.0
Debian GNU/Linux unstable alias sid
SOFTWARE:
XBlockOut (xbl) 1.x
DESCRIPTION:
Debian has reported a vulnerability in XBlockOut (xbl), which can be
exploited by malicious, local users to escalate their privileges on a
vulnerable system.
The vulnerability is caused by a boundary error in the handling of
input to the "-display" command line option. This can be exploited to
cause a buffer overflow, allowing execution of arbitrary code with the
privileges of the "games" group.
SOLUTION:
Updated packages:
-- Debian GNU/Linux 3.0 alias woody --
Source archives:
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2.dsc
Size/MD5 checksum: 567 cc617cf2ab0beba1290a1948dec24015
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2.diff.gz
Size/MD5 checksum: 10093 8e0ac57663ff0657bbcd406ae40d99e8
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k.orig.tar.gz
Size/MD5 checksum: 135080 22e7822a449ae5b68695158fd59ea49c
Alpha architecture:
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_alpha.deb
Size/MD5 checksum: 122282 4d9b7d78318306f488831477d6b31ae6
ARM architecture:
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_arm.deb
Size/MD5 checksum: 111098 300c03bdd43a4413ac72346c14cae0ed
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_i386.deb
Size/MD5 checksum: 103296 54bfaa17756365c4559b608ee596c262
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_ia64.deb
Size/MD5 checksum: 151432 4e26d6422591122e4cf22ae16f60e6cf
HP Precision architecture:
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_hppa.deb
Size/MD5 checksum: 116784 91232ce406230a0970b306dc0a5f1b9f
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_m68k.deb
Size/MD5 checksum: 97746 89dfc31946135fbde0d1a723f4c69304
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_mips.deb
Size/MD5 checksum: 116010 feb3b79691e096b7006e01fcdcb4d987
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_mipsel.deb
Size/MD5 checksum: 115888 67367915c9c2b73a31d679ea87fa5636
PowerPC architecture:
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_powerpc.deb
Size/MD5 checksum: 112178 59472b074ff777847bfd741a23b48f5d
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_s390.deb
Size/MD5 checksum: 106278 aeeb3522110d4308fab12ac704942491
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_sparc.deb
Size/MD5 checksum: 111230 8bd8f330c33d7d00bff11db1ac4318ed
-- Debian GNU/Linux unstable alias sid --
Fixed in version 1.0k-6.
ORIGINAL ADVISORY:
http://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00142.html
http://cvs.kitenet.net/joey-cvs/public/packages/xbl/bl.c?sortby=rev&only_with_tag=debian_version_1_0k-6
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419
----------------------------------------------------------------------
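One way to check downloaded packages against the "Size/MD5 checksum" lines listed under SOLUTION, as an added example that is not part of the advisory. The function names are hypothetical, and the two sample entries are copied from the list above.

```python
import hashlib
import os
import re
import sys

# Two entries copied from the advisory; the layout is a URL line followed by
# a "Size/MD5 checksum: <bytes> <md5>" line.
ADVISORY_SAMPLE = """\
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2.dsc
Size/MD5 checksum: 567 cc617cf2ab0beba1290a1948dec24015
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_i386.deb
Size/MD5 checksum: 103296 54bfaa17756365c4559b608ee596c262
"""

ENTRY_RE = re.compile(
    r"^\S+/(?P<name>[^/\s]+)[ \t]*\n"
    r"Size/MD5 checksum:[ \t]+(?P<size>\d+)[ \t]+(?P<md5>[0-9a-f]{32})[ \t]*$",
    re.MULTILINE,
)

def parse_advisory(text):
    """Return {filename: (size, md5)} for every URL/checksum pair in text."""
    return {m["name"]: (int(m["size"]), m["md5"]) for m in ENTRY_RE.finditer(text)}

def verify_file(path, expected):
    """Return 'ok', 'unlisted', 'size mismatch' or 'md5 mismatch' for one file."""
    entry = expected.get(os.path.basename(path))
    if entry is None:
        return "unlisted"
    size, md5 = entry
    if os.path.getsize(path) != size:
        return "size mismatch"
    # MD5 is not collision resistant; this catches a corrupted or wrong file.
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == md5 else "md5 mismatch"

if __name__ == "__main__":
    expected = parse_advisory(ADVISORY_SAMPLE)
    for path in sys.argv[1:]:
        print(path, verify_file(path, expected))
```

Pass the full advisory text to `parse_advisory` to cover every architecture, then run `verify_file` on each downloaded file before installing it.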