|
|
Info |
Last Modified |
| 7 months ago |
|
|
|
|
Description |
The Xaw library contains a flaw that may allow a local malicious user to overflow a buffer associated with the inputMethod and preeditType resources. The issue is triggered when a specially crafted string containing machine code is used to set a specific resource in any application utilizing the Xaw library. It is possible that the flaw may allow the user to gain root privileges by spawning a setuid-root shell, resulting in a loss of integrity.
|
|
Classification |
Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Rumored / Private
Disclosure: OSVDB Verified
|
|
Solution |
Upgrade X11 to version X11R6.5 or higher, and upgrade XFree86 to version 3.3.2 patch 1 or higher, as these versions have been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround.
Remove the setuid root bit from any application utilizing the Xaw library:
chmod 0755 /path/to/application
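An audit helper for the workaround above, added here as an example and not part of the original advisory: it lists setuid files that load libXaw so they can be reviewed before the bit is removed. The function names and the SCAN_OWNER and LDD_CMD variables are assumptions made for this example, and it uses chmod u-s, which clears only the setuid bit, where the advisory sets the full mode with chmod 0755.

```shell
#!/bin/sh
# Added example: find setuid binaries linked against libXaw.
# Assumptions (not from the advisory): ldd is installed; SCAN_OWNER and
# LDD_CMD are hypothetical overrides so the scan can be exercised safely.

# list_suid_xaw DIR...
# Print each regular file under DIR that is owned by $SCAN_OWNER (default
# root), has the setuid bit set, and lists libXaw among its shared libraries.
list_suid_xaw() {
    owner=${SCAN_OWNER:-root}
    lister=${LDD_CMD:-ldd}
    find "$@" -xdev -type f -user "$owner" -perm -4000 -print 2>/dev/null |
    while IFS= read -r bin; do
        # ldd prints one "libname => path" line per dependency. Errors from
        # static binaries or scripts are discarded. stdin is redirected so
        # the lister cannot consume the file list coming from find.
        if "$lister" "$bin" </dev/null 2>/dev/null | grep -q 'libXaw'; then
            printf '%s\n' "$bin"
        fi
    done
}

# drop_suid FILE...
# Clear only the setuid bit and show the resulting mode for the record.
drop_suid() {
    for f in "$@"; do
        chmod u-s "$f" && ls -l "$f"
    done
}
```

Run `list_suid_xaw /usr /opt` as root, review the output, then pass the confirmed paths to `drop_suid`. Some applications may stop working without the setuid bit, so check each one after the change.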
|
|
Products |
X11: R6, R6.1, R6.2, R6.3, R6.4
XFree86: 3.0.x, 3.1.x, 3.2.x, 3.3.1, 3.3.2, 3.3.2p1
|
|
|
|
Credit |
Unknown or Incomplete