Xdm May Let Local Users View the Error Log Files of a Target User
|
|
SecurityTracker Alert ID: 1017015 |
|
SecurityTracker URL: http://securitytracker.com/id/1017015
|
|
CVE Reference:
CVE-2006-5215
(Links to External Site)
|
Updated: Dec 17 2006
|
Original Entry Date: Oct 9 2006
|
Impact:
Disclosure of system information, Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in xdm. A local user may be able to view error logs of other users.
A local user can exploit a race condition in the setting of file access permissions on the xdm error log file ($HOME/.xsession-errors) to read the error log file of a target user.
A local user can also exploit a race condition in the setting of file access permissions on the alternate xdm error log file (${TMP-/tmp}/xses-$USER) to read the error log file of a target user.
Steven Bellovin reported these vulnerabilities.
The original reports are available at:
http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32804
http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32805
|
Impact:
A local user may be able to view the error log file of other users.
|
Solution:
A fix for the freedesktop.org implementation is available via CVS.
|
Cause:
Access control error, State error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Mon, 9 Oct 2006 08:34:49 -0400
Subject: xdm vulnerabilities
|
bug 5897:
A local unprivileged user may be able to view the xdm(1) error log file,
$HOME/.xsession-errors, of another user.
https://bugs.freedesktop.org/show_bug.cgi?id=5897
bug 5898:
A local unprivileged user may be able to view the alternate xdm(1) error log file,
${TMP-/tmp}/xses-$USER, of another user. This alternate log file is only used if the
$HOME/.xsession-errors file could not be created (BugID 6388471).
https://bugs.freedesktop.org/show_bug.cgi?id=5898
|
|
