libXpm Memory Leaks, Overflows, and Input Validation Errors May Let Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1012251
SecurityTracker URL: http://securitytracker.com/id/1012251
CVE Reference: CAN-2004-0914
Updated: Sep 20 2005
Original Entry Date: Nov 17 2004
Impact: Denial of service via local system, Denial of service via network, Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): R6.8.1 and prior versions

Description:
Several vulnerabilities were reported in libXpm. A user can create a specially crafted image file that, when processed by libXpm, may cause the application to crash or execute arbitrary code.
The vendor reported that the code contains multiple integer overflows, memory access errors, input validation errors, and logic errors. A remote user may be able to execute shell commands, traverse the directory, and cause denial of service conditions.
Petr Mladek and Thomas Biege are credited with reporting these flaws.

Impact:
A user can create an image file that, when processed by the target application, will cause denial of service conditions or execute arbitrary code on the target system. The specific impact depends on the application that uses libXpm.

Solution:
The vendor has issued a source patch.
For X.Org Release 6.8.0:
http://www.x.org/pub/X11R6.8.0/patches/xorg-680-CAN-2004-0914.patch
For X.Org Release 6.8.1:
http://www.x.org/pub/X11R6.8.1/patches/xorg-681-CAN-2004-0914.patch
HP has issued Early Release Patches for HP Tru64 UNIX:
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228

Vendor URL: x.org/

Cause:
Access control error, Boundary error, Input validation error

Underlying OS:
Linux (Any), UNIX (Any)

Message History:
This archive entry has one or more follow-up message(s) listed below.

Nov 17 2004
(SuSE Issues Fix) libXpm Memory Leaks, Overflows, and Input Validation Errors May Let Remote Users Execute Arbitrary Code
(Thomas Biege <thomas@suse.de>)
SuSE has released a fix.

Nov 19 2004
(Fedora Issues Fix for FC3) libXpm Memory Leaks, Overflows, and Input Validation Errors May Let Remote Users Execute Arbitrary Code
(Kristian_Hogsberg <krh@redhat.com>)
Fedora has released a fix for Fedora Core 3.

Nov 19 2004
(Fedora Issues Fix for FC2) libXpm Memory Leaks, Overflows, and Input Validation Errors May Let Remote Users Execute Arbitrary Code
(Kristian_Hogsberg <krh@redhat.com>)
Fedora has released a fix for Fedora Core 2.

Nov 19 2004
(Gentoo Issues Fix) libXpm Memory Leaks, Overflows, and Input Validation Errors May Let Remote Users Execute Arbitrary Code
(Thierry Carrez <koon@gentoo.org>)
Gentoo has released a fix.

Nov 23 2004
(Mandrake Issues Fix) libXpm Memory Leaks, Overflows, and Input Validation Errors May Let Remote Users Execute Arbitrary Code
(Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has issued a fix.

Nov 23 2004
(Mandrake Issues Fix) libXpm Memory Leaks, Overflows, and Input Validation Errors May Let Remote Users Execute Arbitrary Code
(Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has issued a fix.

Dec 2 2004
(Red Hat Issues Fix for Open Motif) libXpm Memory Leaks, Overflows, and Input Validation Errors May Let Remote Users Execute Arbitrary Code
(bugzilla@redhat.com)
Red Hat has released a fix for Open Motif on Red Hat Enterprise Linux 2.1 and 3.

Dec 10 2004
(Debian Issues Fix for XFree86) libXpm Memory Leaks, Overflows, and Input Validation Errors May Let Remote Users Execute Arbitrary Code
(joey@infodrom.org (Martin Schulze))
Debian has released a fix for xfree86.

Dec 20 2004
(Red Hat Issues Fix for XFree) libXpm Memory Leaks, Overflows, and Input Validation Errors May Let Remote Users Execute Arbitrary Code
(bugzilla@redhat.com)
Red Hat has released a fix for XFree86.

Jan 13 2005
(Red Hat Issues Fix for LessTif) libXpm Memory Leaks, Overflows, and Input Validation Errors May Let Remote Users Execute Arbitrary Code
(bugzilla@redhat.com)
Red Hat has released a fix.

Sep 20 2005
(HP Issues Fix for Tru64 UNIX) libXpm Memory Leaks, Overflows, and Input Validation Errors May Let Remote Users Execute Arbitrary Code
HP has issued a fix for HP Tru64 UNIX.

Source Message Contents

Date: Wed, 17 Nov 2004 16:28:37 -0500
Subject: [none]

X.Org Foundation Security Advisory
For The X Window System
17 November 2004
- - - - - - - - - - - - - - - - - - - - -
Brookline MA, November 17, 2004 - The X.Org Foundation today announced
the release of a patch for the X Window System, which addresses the
security vulnerability first announced on September 15, 2004, with
the release of source patch CAN-2004-0687-0688.patch.
X.Org was made aware of an additional security vulnerability in libXpm, the X
Pixmap library, which is shipped as part of the X Window System. The
affected library is used in many popular applications for image viewing and
manipulation. This library was the subject of recent security advisories
(CAN-2004-0687 and CAN-2004-0688).
1. Affected versions
All X.Org releases up to and including R6.8.1 are vulnerable. Products like
XFree86, lesstif and OpenMotif, which include libXpm, are likely to be
affected.
2. Description
libXpm is a library for manipulating pixmaps used by the X Window
System. After the release of the X11R6.8.1 security release, a more
extensive security audit was made.
Several integer overflows and out-of-bounds memory accesses have been
identified and fixed, a path traversal has been fixed and shell command
execution has been made more secure. This new fix also addresses possible
endless loops and memory leaks. These vulnerabilities may allow an
application linking against libXpm to crash, to become unusable, or to
execute other code of a user running an application linked against libXpm.
3. CVE Information
The Common Vulnerabilities and Exposures (CVE) project has assigned
the name CAN-2004-0914 to these issues. This is a candidate for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems. You may check:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914
4. Available Patch.
A source patch is available for:
X.Org Release 6.8.0 under:
http://www.x.org/pub/X11R6.8.0/patches/xorg-680-CAN-2004-0914.patch
and X.Org Release 6.8.1 under:
http://www.x.org/pub/X11R6.8.1/patches/xorg-681-CAN-2004-0914.patch
and from X.Org mirror sites world-wide.
5. Acknowledgments
The X.Org Foundation would like to thank Petr Mladek for identifying the
vulnerabilities and providing a patch, and Thomas Biege for systematically
reviewing the libXpm code and fixing additional possible vulnerabilities.
The X.Org Foundation would also thank Matthieu Herrb and Jacques A. Vidrine
for their help in auditing the code, reviewing the patch and suggesting
additional fixes.