LinuxSecurity.com
NetBSD-SA1998-002 xterm and Xaw vulnerabilities
Posted by LinuxSecurity.com Team   
NetBSD: Vulnerabilities (buffer overflows) in the xterm(1) and Xaw library distributed with NetBSD may allow a local user to gain super-user privileges. The `inputMethod' and `preeditType' resources are vulnerable in both xterm(1) and the Xaw library, with the `*Keymap' resources also vulnerable in xterm(1).
-----BEGIN PGP SIGNED MESSAGE-----

                 NetBSD Security Advisory 1998-002
                 ---------------------------------

Topic:          xterm and Xaw library vulnerability
Version:        NetBSD 1.3, 1.3.1
Severity:       local user may gain super-user privileges


Abstract
- --------

Vulnerabilities (buffer overflows) in the xterm(1) and Xaw library
distributed with NetBSD may allow a local user to gain super-user
privileges.  The `inputMethod' and `preeditType' resources
are vulnerable in both xterm(1) and the Xaw library, with the `*Keymap'
resources also vulnerable in xterm(1).


Technical Details
- -----------------

Several memory copies in the xterm(1) and Xaw library do not properly
bounds check their arguments, allowing the user to overwrite parts of
the process's address space.  By overwriting the program's stack, it is
possible to change the return address of the current function so that
it points at the data written.  Arbitrary code can then be executed,
allowing a local user to gain super-user privileges, as xterm(1) is
setuid-root.  Any setuid program that uses the Xaw library is similarly
affected.  In NetBSD, the only setuid-root X11 programs are xterm(1)
and xconsole(1).


Solutions and Workarounds
- -------------------------

A patch is available for the NetBSD 1.3 and NetBSD 1.3.1 X11 source,
which fixes the above problems.  You may find this patch on the NetBSD
ftp server:

    ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/19980503-xsrc

The patch contains details on how to apply it.


Alternatively, the problem can be worked around by removing the setuid
bit on the xterm(1) and xconsole(1) programs (but with a loss of
functionality).  This can be done with the following command:

    # chmod u-s /usr/X11R6/bin/xconsole /usr/X11R6/bin/xterm


Thanks To
- ---------

Thanks to The Open Group and CERT for forwarding information about
the problems, and to Tom E. Dickey and the XFree86 team for
providing actual fixes for the xterm and Xaw problems, respectively.
Please see http://www.opengroup.org/, http://www.cert.org/ and
http://www.XFree86.org/ for more information about these groups.


More Information
- ----------------

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.


Copyright 1998, The NetBSD Foundation.  All Rights Reserved.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBNVWbfz5Ru2/4N2IFAQGyzQQAsX5sSw2KYD4gwY5bIz8JUfH1bc7gC65V
o65GJ1psgdPElA0HsbSeDOi1bA0BlWVmB3BC0w9Im9gcN+Upj2su56BteyT9kHwe
XVDSFZ+wk6SgQkDhpbZGIL5eDauLJRLc5FLh7p/Myh5Ye/6CTNWI3evtxE1VOtum
mhK3O0fR0zs=
=f0Sv
-----END PGP SIGNATURE-----
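
The unchecked copy described under Technical Details, shown next to a bounded form, as an added illustration. This is not xterm or Xaw source and not part of the NetBSD patch; the function names and the 64-byte buffer size are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define RES_MAX 64   /* constructed buffer size, not the one used by xterm or Xaw */

/* The pattern the advisory describes: a user-supplied resource value is
 * copied with no length check. Kept for contrast only; nothing here calls it. */
void copy_resource_unchecked(char *dst, const char *value)
{
    strcpy(dst, value);   /* writes past dst when value is longer than the buffer */
}

/* Bounded copy: returns 0 on success, -1 when the value is missing or
 * would not fit in dst together with its terminating NUL. */
int copy_resource_checked(char *dst, size_t dstlen, const char *value)
{
    size_t n;
    if (dst == NULL || dstlen == 0 || value == NULL)
        return -1;
    n = strlen(value);
    if (n >= dstlen) {
        dst[0] = '\0';    /* leave a defined, empty result instead of truncating */
        return -1;
    }
    memcpy(dst, value, n + 1);
    return 0;
}

/* Hypothetical caller standing in for code that reads a resource such as
 * `inputMethod' into a stack buffer. Returns the stored length, or -1. */
int load_input_method(const char *value)
{
    char name[RES_MAX];
    if (copy_resource_checked(name, sizeof name, value) != 0)
        return -1;
    return (int)strlen(name);
}

int main(void)
{
    char oversized[4 * RES_MAX];   /* constructed sample input */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("short value -> %d\n", load_input_method("xim"));
    printf("oversized   -> %d\n", load_input_method(oversized));
    return 0;
}
```

The checked form rejects an oversized value outright rather than truncating it, so a cut-off resource string is never acted on by a setuid-root process.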