LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: September 2nd, 2014
Linux Advisory Watch: August 29th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
NetBSD: XFree86 font buffer overflow vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
NetBSD There is an integer overflow in the XFree86 font libraries, which could lead topotential privilege escalation and/or remote code execution.

		 NetBSD Security Advisory 2003-015
		 =================================

Topic:		Remote and local vulnerabilities in XFree86 font libraries

Version:	NetBSD-current:	source prior to August 31, 2003
		NetBSD 1.6.1:	affected
		NetBSD 1.6:	affected
		NetBSD-1.5.3:	affected
		NetBSD-1.5.2:	affected
		NetBSD-1.5.1:	affected
		NetBSD-1.5:	affected

Severity:	High, for systems running an X server.

Fixed:		NetBSD-current:		August 31, 2003
		(xsrc is not branched by NetBSD release)


Abstract
========

There is an integer overflow in the XFree86 font libraries, which could lead to
potential privilege escalation and/or remote code execution.


Technical Details
=================
 
http://www.securityfocus.com/archive/1/335592

As seen in this advisory, the exact details of these issues have not been
shared.


Solutions and Workarounds
=========================

Workaround (proposed in the XFree86 advisory):

Ensure that neither xfs nor the X server include untrusted font servers in
their font search paths.  Xfs is not started by default in NetBSD and the
X server contains only directories under /usr/X11R6/lib/X11/fonts in its
font path.

To prevent the local privilege escalation problem, remove the suid bit from the
Xserver binary.  This will mean that only root can start the X server.

        chmod u-s /usr/X11R6/bin/XFree86

Please note that removing the suid bit will NOT prevent a compromise due to
malicious fonts.

Fix:

The following instructions describe how to upgrade your X
binaries by updating your source tree and rebuilding and
installing a new version of X.

* NetBSD (all versions):

	Systems running NetBSD with X dated from before 2003-08-30
	should be upgraded to NetBSD with X dated 2003-08-31 or later.

	Unlike the main NetBSD source tree (src), xsrc is not branched
	based on NetBSD versions.

	The following directories need to be updated from the netbsd CVS:
		xsrc/xc/lib/font/fc
		xsrc/xc/lib/FS
		xsrc/xfree/xc/lib/font/fc
		xsrc/xfree/xc/lib/FS


	To update from CVS, re-build, and re-install X:
		# cd xsrc
		# cvs update -d -P xc/lib/font/fc xc/lib/FS \
			xfree/xc/lib/font/fc xfree/xc/lib/FS

		# make build

(The 'build' target performs installation as well as compilation)


Thanks To
=========

Matthias Scheler


Revision History
================

	2003-10-09	Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at 
   ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc

Information about NetBSD and NetBSD security can be found at 
http://www.NetBSD.org/ and  http://www.NetBSD.org/Security/.


Copyright 2003, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2003-015.txt,v 1.4 2003/10/09 03:30:14 groo Exp $

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.