LinuxSecurity.com
Mandriva: Updated xorg-x11 packages to address local root vuln
Posted by Benjamin D. Thomas   
Versions of Xorg 6.9.0 and greater have a bug in xf86Init.c, which allows non-root users to use the -modulepath, -logfile and -configure options. This allows loading of arbitrary modules which will execute as the root user, as well as a local DoS by overwriting system files. Updated packages have been patched to correct these issues.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:056
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : xorg-x11
 Date    : March 20, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 Versions of Xorg 6.9.0 and greater have a bug in xf86Init.c, which
 allows non-root users to use the -modulepath, -logfile and -configure 
 options. This allows loading of arbitrary modules which will execute as 
 the root user, as well as a local DoS by overwriting system files.
 
 Updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0745
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 46ee786eaf6fbcf7bf938ebce48a7ce1  2006.0/RPMS/libxorg-x11-6.9.0-5.3.20060mdk.i586.rpm
 3f06cae5a43ea06de97ab93b623c7f1e  2006.0/RPMS/libxorg-x11-devel-6.9.0-5.3.20060mdk.i586.rpm
 96c329453a07eda970f6eaeb7a689156  2006.0/RPMS/libxorg-x11-static-devel-6.9.0-5.3.20060mdk.i586.rpm
 bcf177b1901d78020090b0197f5b43d4  2006.0/RPMS/X11R6-contrib-6.9.0-5.3.20060mdk.i586.rpm
 32a16643784c1968104d12471bc7ebd1  2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.3.20060mdk.i586.rpm
 7a652e4429fc77aee754a5661bdfe755  2006.0/RPMS/xorg-x11-6.9.0-5.3.20060mdk.i586.rpm
 975a38dcfc7d21448e62c584d7016f2f  2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.3.20060mdk.i586.rpm
 f9c48a395f08686de37a0df30e48e6cc  2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.3.20060mdk.i586.rpm
 fbec9c1632e1ca322f1536ffcbc8446d  2006.0/RPMS/xorg-x11-doc-6.9.0-5.3.20060mdk.i586.rpm
 36a55aa930a752bc2aa75b4af85d9c47  2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.3.20060mdk.i586.rpm
 ceeafcc3c7c41374058a16d33f46339f  2006.0/RPMS/xorg-x11-server-6.9.0-5.3.20060mdk.i586.rpm
 801a6438b6dad8bb7293741deddb1b43  2006.0/RPMS/xorg-x11-xauth-6.9.0-5.3.20060mdk.i586.rpm
 252fdbd50c231c9ad5f81b42c199a2a8  2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.3.20060mdk.i586.rpm
 8e4e6c5f5d84bf80d70f0740ec9ea690  2006.0/RPMS/xorg-x11-xfs-6.9.0-5.3.20060mdk.i586.rpm
 e58bbda0563823ac115cbd88c6c987d8  2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.3.20060mdk.i586.rpm
 01500c42871893583e0b63057fe25167  2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.3.20060mdk.i586.rpm
 ffb613cb4bce6da186cc1db5cb23544d  2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.3.20060mdk.i586.rpm
 6e5852165a323a9bb414bd242df87721  2006.0/SRPMS/xorg-x11-6.9.0-5.3.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 c7b4f00e9a29235312f0175b9fb409ef  x86_64/2006.0/RPMS/lib64xorg-x11-6.9.0-5.3.20060mdk.x86_64.rpm
 eec32f6ccd371dac59972bda2337f956  x86_64/2006.0/RPMS/lib64xorg-x11-devel-6.9.0-5.3.20060mdk.x86_64.rpm
 7e022bbb1fffd0ea29535929b7a5b77f  x86_64/2006.0/RPMS/lib64xorg-x11-static-devel-6.9.0-5.3.20060mdk.x86_64.rpm
 b5a9fc15100a53fd0bfc1d9650b79442  x86_64/2006.0/RPMS/X11R6-contrib-6.9.0-5.3.20060mdk.x86_64.rpm
 0c6b1355f3463cc933cdda3a25ecc8da  x86_64/2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.3.20060mdk.x86_64.rpm
 dbd2c5fab3e5e0cfe7ecad3116dc5148  x86_64/2006.0/RPMS/xorg-x11-6.9.0-5.3.20060mdk.x86_64.rpm
 8b47d4d7e111764d57049bfe0de214a2  x86_64/2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.3.20060mdk.x86_64.rpm
 6c7ffd2d8466546d40bbf7d34d07a33c  x86_64/2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.3.20060mdk.x86_64.rpm
 770a043b690b71592009b36aaa49478c  x86_64/2006.0/RPMS/xorg-x11-doc-6.9.0-5.3.20060mdk.x86_64.rpm
 809daf9878848084378c461ca44e3f24  x86_64/2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.3.20060mdk.x86_64.rpm
 c1345cff6c24d7b79148077b7175c193  x86_64/2006.0/RPMS/xorg-x11-server-6.9.0-5.3.20060mdk.x86_64.rpm
 affb27f1d415f544acdcc62a126ab3e6  x86_64/2006.0/RPMS/xorg-x11-xauth-6.9.0-5.3.20060mdk.x86_64.rpm
 f16c26fd827c175c674ec16f1e62a391  x86_64/2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.3.20060mdk.x86_64.rpm
 0ba0619da42ede7ec4eeea529798010c  x86_64/2006.0/RPMS/xorg-x11-xfs-6.9.0-5.3.20060mdk.x86_64.rpm
 c7aea15c582521540c8e6827f79d0bc4  x86_64/2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.3.20060mdk.x86_64.rpm
 6a9081fe30c8c84c280c6a1e63c2c913  x86_64/2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.3.20060mdk.x86_64.rpm
 7b1e6dd1fa20d2ce0cd410a7562edbaa  x86_64/2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.3.20060mdk.x86_64.rpm
 6e5852165a323a9bb414bd242df87721  x86_64/2006.0/SRPMS/xorg-x11-6.9.0-5.3.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
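
The root-only option gate described under Problem Description, as an added example; it is not code from the advisory or from xf86Init.c. The CVE-2006-0745 entry referenced above attributes the bug to the address of geteuid being tested in place of its return value, and the flawed function below models that slip beside the corrected check. All function names, the uid_fn stand-ins for getuid()/geteuid() and the sample arguments are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

typedef uid_t (*uid_fn)(void);   /* stand-in for getuid()/geteuid(); no setuid binary needed */

/* Options the advisory lists as reserved for root. */
static const char *const ROOT_ONLY[] = { "-modulepath", "-logfile", "-configure" };

static int is_root_only(const char *arg)
{
    for (size_t i = 0; i < sizeof ROOT_ONLY / sizeof ROOT_ONLY[0]; i++)
        if (strcmp(arg, ROOT_ONLY[i]) == 0)
            return 1;
    return 0;
}

/* Flawed: compares the function pointer itself with 0. It is never null,
 * so the second operand is always true and every caller counts as trusted. */
static int trusted_flawed(uid_fn ruid, uid_fn euid) { return ruid() == 0 || euid != 0; }

/* Corrected: trusted when the real user is root, or when the process holds no
 * root privilege (effective uid non-zero, i.e. the binary is not setuid root). */
static int trusted_fixed(uid_fn ruid, uid_fn euid) { return ruid() == 0 || euid() != 0; }

/* Index of the first argument an untrusted caller may not pass, or 0 if none. */
static int first_rejected(int argc, char *const argv[], int trusted)
{
    for (int i = 1; !trusted && i < argc; i++)
        if (is_root_only(argv[i]))
            return i;
    return 0;
}

/* Constructed identities: uid 0 and an ordinary account. */
static uid_t uid_root(void) { return 0; }
static uid_t uid_user(void) { return 1000; }

int main(void)
{
    char *args[] = { "X", ":1", "-modulepath", "/constructed/dir" };
    /* Ordinary user starting a setuid-root server: real uid 1000, effective uid 0. */
    int flawed = first_rejected(4, args, trusted_flawed(uid_user, uid_root));
    int fixed = first_rejected(4, args, trusted_fixed(uid_user, uid_root));
    printf("first rejected argument index (0 = none): flawed=%d fixed=%d\n", flawed, fixed);
    return 0;
}
```

The corrected check still accepts the options when the server is not running with root privilege, since in that case a module or log file is handled with the caller's own rights.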
  
 