(Sun Issues Fix) X.Org Server '-modulepath' and '-logfile' Parameter Privilege Validation Error Lets Local Users Gain Root Privileges
|
|
SecurityTracker Alert ID: 1015796 |
|
SecurityTracker URL: http://securitytracker.com/id/1015796
|
|
CVE Reference:
CVE-2006-0745
(Links to External Site)
|
Updated: Mar 30 2006
|
Original Entry Date: Mar 21 2006
|
Impact:
Execution of arbitrary code via local system, Modification of system information, Root access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): X.Org server 1.0.0 and later; also X11R6.9.0 and X11R7.0
|
Description:
A vulnerability was reported in X.Org server. A local user can gain elevated privileges.
The server does not correctly validate a user's privileges when parsing the '-modulepath' and '-logfile' options. A local user can supply a specially crafted value to cause the server to load arbitrary code from the system and execute the code with root privileges or to overwrite arbitrary files with the system log.
X11R6.8.2 and prior versions are not affected.
The vendor credits the Coverity Prevent code audit tool with discovering this vulnerability.
|
Impact:
A local user can gain root privileges.
|
Solution:
Sun has issued the following fix for the x86 Platform:
Solaris 10 patch 118966-18 or later
Sun has also described a manual workaround in their advisory at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1
|
Vendor URL: www.x.org/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
UNIX (Solaris - SunOS)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Tue, 21 Mar 2006 01:43:50 -0500
Subject: Security Vulnerabilities found in the Xorg(1) X11R6.9 and X11R7.0 Server
|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1
CVE-2006-0745
|
|
