Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: 'xfree86-1' vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Team   
Debian Chris Evans, Joseph S. Myers, Michal Zalewski, Alan Cox, and others have noted a number of problems in several components of the X Window System sample implementation.

Debian Security Advisory DSA-030-1                                  Wichert Akkerman
February 12, 2001

Package        : xfree86-1
Vulnerability  : buffer overflow, insecure tempfile handling,
                 denial-of-service attack
Debian-specific: no

Chris Evans, Joseph S. Myers, Michal Zalewski, Alan Cox, and others have
noted a number of problems in several components of the X Window System
sample implementation (from which XFree86 is derived).  While there are no
known reports of real-world malicious exploits of any of these problems, it
is nevertheless suggested that you upgrade your XFree86 packages

The scope of this advisory is XFree86 3.3.6 only, since that is the version
released with Debian GNU/Linux 2.2 ("potato"); Debian packages of XFree86
4.0 and later have not been released as part of a Debian distribution.

Several people are responsible for authoring the fixes to these problems,
including Aaron Campbell, Paulo Cesar Pereira de Andrade, Keith Packard,
David Dawes, Matthieu Herrb, Trevor Johnson, Colin Phipps, and Branden

- The X servers are vulnerable to a denial-of-service attack during
  XC-SECURITY protocol negotiation.
  Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2

- X clients based on Xlib (which is most of them) are subject to potential
  buffer overflows in the _XReply() and _XAsyncReply() functions if they
  connect to a maliciously-coded X server that places bogus data in its X
  protocol replies.

  NOTE: This is only an effective attack against X clients running with
  elevated privileges (setuid or setgid programs), and offers potential
  access only to the elevated privilege.  For instance, the most common
  setuid X client is probably xterm.  On many Unix systems, xterm is setuid
  root; in Debian 2.2, xterm is only setgid utmp, which means that an
  effective exploit is limited to corruption of the lastlog, utmp, and wtmp
  files -- *not* general root access.  Also note that the attacker must
  already have sufficient privileges to start such an X client and
  successfully connect to the X server.

  Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2

- There is a buffer overflow (not stack-based) in xdm's XDMCP code.
  Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2

- There is a one-byte overflow in Xtrans.c.
  Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2

- Xtranssock.c is also subject to buffer overflow problems.
  Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2

- There is a buffer overflow with the -xkbmap X server flag.
  Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2

- The MultiSrc widget in the Athena widget library handle temporary files
  Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2

- The imake program handles temporary files insecurely when executing
  install rules.
  Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2

- The ICE library is subject to buffer overflow attacks.
  Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2

- The xauth program handles temporary files insecurely.
  Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2

- The XauLock() function in the Xau library handles temporary files
  Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2

- The gccmakedep and makedepend programs handle temporary files insecurely.
  Vulnerable: Debian 2.2, Debian 2.2r1, Debian 2.2r2

All of the above issues are resolved by this security release.

There are several other XFree86 security issues commonly discussed in
conjunction with the above, to which an up-to-date Debian 2.2 system is
*NOT* vulnerable:

- There are 4 distinct problems with Xlib's XOpenDisplay() function in
  which a maliciously coded X server could cause a denial-of-service attack
  or buffer overflow.  As before, this is only an effective attack against
  X clients running with elevated privileges, and the attacker must already
  have sufficient privileges to start such an X client and successfully
  connect to the X server.  Debian 2.2 and 2.2r1 are only vulnerable to one
  of these problems, because we applied patches to XFree86 3.3.6 to correct
  the other three.  An additional patch applied for Debian 2.2r2 corrected
  the fourth.
  Vulnerable: Debian 2.2, Debian 2.2r1

- The AsciiSrc widget in the Athena widget library handles temporary files
  insecurely.  Debian 2.2r2 is not vulnerable to this problem because we
  applied a patch to correct it.
  Vulnerable: Debian 2.2, Debian 2.2r1

- The imake program uses mktemp() instead of mkstemp().  This problem does
  not exist in XFree86 3.3.6, and therefore no release of Debian 2.2 is

These problems have been fixed in version 3.3.6-11potato32 and we recommand
that you upgrade your X packages immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.2 alias potato

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
  At this moment m68k packages are not available yet. Once they become
  available they will be announced on

  Source archives:
      MD5 checksum: 69cc55bd586d711c23c64e86f4a0a39a
      MD5 checksum: 1865df3421c2f9f41d08b9848c5c866a
      MD5 checksum: c4669bc60748021d9432e709286f6e4f

  Architecture indendent archives:
      MD5 checksum: c8b22fe902e1aa8a7a060e6583006687
      MD5 checksum: 000d8ff1f045fb672011f6be512fa70a
      MD5 checksum: ae0366e2ccfd3b67604639eb4a937a55

  Alpha architecture:
      MD5 checksum: 7016eb78b364e47dd060c51e7b068a47
      MD5 checksum: 6c7a7db332fc0bc1e6015c6f48a07354
      MD5 checksum: 133aaf41be70205abed442076afef7c4
      MD5 checksum: 6b832ec44b17f0736d607d1a07fec93b
      MD5 checksum: f83f3ee576eee40736810065c2981606
      MD5 checksum: 13d82d3fa7b0fc08f1a8e121c7be5ae1
      MD5 checksum: fe9b269fe871f79f32ec5ed136341220
      MD5 checksum: d1c7bc79b308c640806d004450ee681f
      MD5 checksum: 1f610de0a57488210c863becde75c3b9
      MD5 checksum: 8f966a797732527914e0c69c9ddccd2e
      MD5 checksum: 90791ebb652da5e8633e3f22173ee3ee
      MD5 checksum: 513b94c445752986a7af3cb2dbee69ec
      MD5 checksum: c8149f37106daac11e3721ff189429c4
      MD5 checksum: 7cba0fd69aa39934f1aa855103d5ab32
      MD5 checksum: 9520a673ce7cb87eb0a84752d850dca3
      MD5 checksum: 4faba513d9a29061378756ad491380b1
      MD5 checksum: 554faa5df6a7e7752bb41dbafaa13683
      MD5 checksum: b3c56c3140475ecd6f1f1ea90917731f
      MD5 checksum: ad5474c1b98263db4984433d1b2fe6cb
      MD5 checksum: 3e3209f18e8fe3133976fbd34d10854a
      MD5 checksum: d79c01d56e54457e10c0db1e252abb11
      MD5 checksum: 9d8aaee346d92200dcfbac3fdeb5e849
      MD5 checksum: 019093d1f6c099e7a314fd7c4db1825e
      MD5 checksum: f749cf74f2de1e27de63440bd2aa9959
      MD5 checksum: 26b0f6107792962a38c5cb54e864a4ee
      MD5 checksum: 2e1160fcf14bd0b53e5ec05cdf9fb6e9
      MD5 checksum: 2148c30c9281b206a7262a257f8a631a
      MD5 checksum: 4fd7f49556c10fa702b395affe32ca46
      MD5 checksum: b1d76c2437d0edd7579027bf98baa9ea

  ARM architecture:
      MD5 checksum: a74f82bb54045973f66e5e8c2288bb67
      MD5 checksum: 20e9eadca43125ca5a7fbaf77e4401da
      MD5 checksum: 57beb0497b91b06c009594d3d4413168
      MD5 checksum: f1d7460483afaa5a84342367383a1d62
      MD5 checksum: a68db403ff21dab898574e8045d9e3fb
      MD5 checksum: aa8c6f3fd38c9cfed5b944484520ecb4
      MD5 checksum: 2e60e3a0434337457150a87afaba59b8
      MD5 checksum: dd5b7bc5a4fee4b0fe6dea82b015a81f
      MD5 checksum: 5bd73196d5b95f08db7efb610346bec9
      MD5 checksum: d5b03006576d3ff44f4d35ce9aacddf9
      MD5 checksum: a0a0aee768ac07409e1d4a8b695734e9
      MD5 checksum: cc3d0d62836fb10d49aca83062188636
      MD5 checksum: 7e074d0c074af762b017ffdd36f68bb2
      MD5 checksum: 09216ab3689d30eb2b5ea6f3f1ddca17
      MD5 checksum: dec81f45cfca6c038427b312fed1405e
      MD5 checksum: 994637a3e1d8c6fd5e289d73fa717861
      MD5 checksum: 6f51fa8caf5330af5710f77d6d335cc2
      MD5 checksum: 60a3cc66cbbe6e8cc921e6f8b0ce06f6

  Intel ia32 architecture:
      MD5 checksum: e3d0592e48eb3e312e5098b9b8fbd5bd
      MD5 checksum: ad1b70c0e1c8ce5e7549831c8a661926
      MD5 checksum: 3a13e4b10c2ea0ed2a0cd200b5cf99aa
      MD5 checksum: 5c69e9f6cfd854fcc35bdcc28e842aac
      MD5 checksum: eef72e739fa7b54a6dd5483d863ebe9a
      MD5 checksum: bebaddde2a877142d701959499341724
      MD5 checksum: 4d74861bba07d483afccb8b82e75524e
      MD5 checksum: 3857e5548b6b0ccf93548b5e12b9fb94
      MD5 checksum: 04ee5c0a5f5c5d1d5ec7c3fa1a8abb41
      MD5 checksum: 1e621013cff2ce5e684ff3dd6eed4ada
      MD5 checksum: a7190ee3a4316ae816b3c7b65e54e59f
      MD5 checksum: 11d0a291a25c25aea161bf93db38d5a1
      MD5 checksum: e1eb815fc9a01da36d7444b3a2fd3fda
      MD5 checksum: f0a5ca51e123bf428f442f4a0664024e
      MD5 checksum: 9f8625022de16d63f57d906f04fceced
      MD5 checksum: c3f23c39edf15bb8f11b4a54f079d7ca
      MD5 checksum: f880d68af3d77c6052220885ea11ff17
      MD5 checksum: be2effceaf52bea16f0f391495d9c03f
      MD5 checksum: e3635066c8e25bb4ad8f0051548b92cc
      MD5 checksum: 623f2183d5f277fc363e74c22296a35e
      MD5 checksum: 5a17c8c2ea526f802bb83c6c3aa5e0d3
      MD5 checksum: 6d5ca2b5e6fe1affc5a511bf6e436665
      MD5 checksum: 3bee6d80194df3c3904d841e16ff3d0f
      MD5 checksum: 8bdf77a6e5dae42a6407a3688a4fc08a
      MD5 checksum: 62daf60fcb82abdf56dae2fcb8eb707a
      MD5 checksum: 415e0317d76dd4f27c52f6c9e206c5d9
      MD5 checksum: 426751b7edd46e5968ecbb0ec9455fc7
      MD5 checksum: e8bf157d04976c87ceacd0ddde068cf4
      MD5 checksum: 9caf08be5a7ea892f8dceb17ef8ea3b8
      MD5 checksum: 0eb3ea2a3f381d1e9297b400ad908f79
      MD5 checksum: 5af1509c75304875f87b892b6f734484
      MD5 checksum: 1eea9af440c79e1cf5c4354243ecc34d
      MD5 checksum: 6f45b950936530189f953bd28c0331c9
      MD5 checksum: 95e542ddf4e994eb014e22f5bb77fb94
      MD5 checksum: dfe890b03ea09cc4003681a187d24ede

  PowerPC architecture:
      MD5 checksum: fea33d0dcf4a5199984cd4e4b3bdcc62
      MD5 checksum: f12a774751ea4a6f0f64745e95ba62fd
      MD5 checksum: c8e531206440a3762cd08d08b69aecfb
      MD5 checksum: 320fa9aa9e7803ff444396350bc02961
      MD5 checksum: 415248c142cc892b72bde859d9cacde0
      MD5 checksum: 6863f8f353e9592f0479ff95221e65e5
      MD5 checksum: d87dd3ba113feb97f72fb98548924d0d
      MD5 checksum: 7ae2d8e80616cd6bec528174f2fe98dc
      MD5 checksum: 1a2762def576884b64c5e662b61606de
      MD5 checksum: 640b1a3fecf20c87b49ed040db54d970
      MD5 checksum: 4fa0e956b167274415c1e1512f94c227
      MD5 checksum: af6dd3f6cf611f3120628a415ed6df89
      MD5 checksum: b9932da793b94c5281db77674d049c04
      MD5 checksum: 1973982ddc3325de726623f248e1fcb4
      MD5 checksum: 9a1d0c986411ff763c4669f0b18fab67
      MD5 checksum: 06d9ccd4c945b397b5e0d68cdbc2bc16
      MD5 checksum: e7b71bbc8bf8a4fab1a32ea4afe34ea9
      MD5 checksum: c02c605c0149645a951448c6ff8cfbf5

  Sun Sparc architecture:
      MD5 checksum: 2ac68b7495bb6aa743dd4b88acd64b70
      MD5 checksum: cafda6b0358af420ef392822436058a3
      MD5 checksum: 6072f6e30a444b4cdbd49c85c7892131
      MD5 checksum: 1874048ad3f397fbff1ead11f0e10cd0
      MD5 checksum: 8199681a782a0609a7578dff15745d6a
      MD5 checksum: 151363a3590aa61dd42b62ccd95a37ac
      MD5 checksum: adedf419e79f1bf7b4eefdc698d2c3f1
      MD5 checksum: b50b401592e844b933b05fb0252a8308
      MD5 checksum: 444875a9bebb02e38ebe7a2ddd132b85
      MD5 checksum: 00e6656e19fa100359efb5647e1674bd
      MD5 checksum: 1faeb8494593c823117cd7ffed91b1ce
      MD5 checksum: b08b12c3d791f664475865780adda576
      MD5 checksum: 2e4837c71af32dea4179d4c76880c5eb
      MD5 checksum: f5681db32ef1d79e4ebadf94c3ad753f
      MD5 checksum: 8e40385ba47efee7fd026cfff90722c1
      MD5 checksum: 9755794983421183be1ec2c435870482
      MD5 checksum: 9cd17f998483034fe1cc00cfc12f8e4e
      MD5 checksum: 57b0453b9fa62b95db47125878b123d2
      MD5 checksum: 61abde1c3b361cb13e51da92078ffabb
      MD5 checksum: 4993edb405722fdffbde36c0a4106fe2
      MD5 checksum: 2085a88b6a0955ec0dd41c5b9243a80d
      MD5 checksum: 2a0bc3d0e1da1c307015eacb6b0ce742
      MD5 checksum: bad17a61b6d07c6d5b004ab12d5ba56e

  These files will be moved into*/binary-$arch/ soon.

For not yet released architectures please refer to the appropriate
directory$arch/ .

apt-get: deb stable/updates main
dpkg-ftp: dists/stable/updates/main
Mailing list:

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.