===================================================================== CERT-Renater Note d'Information No. 2006/VULN485 _____________________________________________________________________ DATE : 05/09/2006 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Mandriva Linux running xorg-x11. ====================================================================== _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:160 http://www.mandriva.com/security/ _______________________________________________________________________ Package : xorg-x11 Date : August 31, 2006 Affected: 2006.0, Corporate 3.0 _______________________________________________________________________ Problem Description: X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. In practice, it is unlikely that these programs have any real-world vulnerability. The X binary is the only one shipped suid. Further analysis of the code in question shows that it's highly unlikely that this can be exploited. Patched updates are provided as a precaution nonetheless. Updated packages are patched to address this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4447 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: dcb20582a5065744de4726c9f766ae39 2006.0/RPMS/libxorg-x11-6.9.0-5.9.20060mdk.i586.rpm bcd556a24ed3414007cd2c735725d811 2006.0/RPMS/libxorg-x11-devel-6.9.0-5.9.20060mdk.i586.rpm fdd48d3aabf17504715b0ac77c518ef1 2006.0/RPMS/libxorg-x11-static-devel-6.9.0-5.9.20060mdk.i586.rpm d31780e9e640e1c2e52907c61c7741d6 2006.0/RPMS/X11R6-contrib-6.9.0-5.9.20060mdk.i586.rpm 58b0659c5e161f4eac7c6c3d57b9a5a4 2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.9.20060mdk.i586.rpm ce4099426bf78152f8cce916d991bf31 2006.0/RPMS/xorg-x11-6.9.0-5.9.20060mdk.i586.rpm c5c5d881ec4fa25712c04bf858cafdae 2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.9.20060mdk.i586.rpm 47eebf4341d36377595d275d494884ce 2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.9.20060mdk.i586.rpm d8c47f18ededd363aa7999ac9c74e525 2006.0/RPMS/xorg-x11-doc-6.9.0-5.9.20060mdk.i586.rpm df35175ad9cfdaa619fc855e2a305872 2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.9.20060mdk.i586.rpm 782083d15ac2cf99b72e8884b1ad9f69 2006.0/RPMS/xorg-x11-server-6.9.0-5.9.20060mdk.i586.rpm 7dce0242f2493bda5e566079eeb26ddb 2006.0/RPMS/xorg-x11-xauth-6.9.0-5.9.20060mdk.i586.rpm 788887873c6781f4d04d4c22f15584f2 2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.9.20060mdk.i586.rpm ec74ddd837416045280a14fea9bc1ee5 2006.0/RPMS/xorg-x11-xfs-6.9.0-5.9.20060mdk.i586.rpm 51f267b6f8eb58c1df9a3f91c3b31b99 2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.9.20060mdk.i586.rpm 42d8a58fd96c62f4a5c01fcefc2c1875 2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.9.20060mdk.i586.rpm 2d0f23a6896a459cdb1da2f1898ec81a 2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.9.20060mdk.i586.rpm 47cc5a6fd1eecb2679b5a623b9ddfe64 2006.0/SRPMS/xorg-x11-6.9.0-5.9.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: ee089c7507299169663a4bccfe4be6c7 x86_64/2006.0/RPMS/lib64xorg-x11-6.9.0-5.9.20060mdk.x86_64.rpm 2e7fd06ccb6313acca657a3e68c3ce35 x86_64/2006.0/RPMS/lib64xorg-x11-devel-6.9.0-5.9.20060mdk.x86_64.rpm 3c873467b4813cf3d500860501f2f45a x86_64/2006.0/RPMS/lib64xorg-x11-static-devel-6.9.0-5.9.20060mdk.x86_64.rpm 796e0bfbd979cef4675492ed4dcfa0bc x86_64/2006.0/RPMS/X11R6-contrib-6.9.0-5.9.20060mdk.x86_64.rpm ce13145b02fc3c8f69e718e91d2db266 x86_64/2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.9.20060mdk.x86_64.rpm cfc9452bf907155f60ed8b6815f790ac x86_64/2006.0/RPMS/xorg-x11-6.9.0-5.9.20060mdk.x86_64.rpm f847dce08140455962c2797bdcfe94f2 x86_64/2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.9.20060mdk.x86_64.rpm 5a1ce6b27ecc1bd8a02ade0bf5e8742d x86_64/2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.9.20060mdk.x86_64.rpm a96fa59b6ee367d006b83e8f1108f65e x86_64/2006.0/RPMS/xorg-x11-doc-6.9.0-5.9.20060mdk.x86_64.rpm b84fd79cc72a3f66840ec0549f379723 x86_64/2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.9.20060mdk.x86_64.rpm 8f22f5468a07abbc3bf60f93a85997a1 x86_64/2006.0/RPMS/xorg-x11-server-6.9.0-5.9.20060mdk.x86_64.rpm f7c04028cf16bf87b6a91e5099c202f7 x86_64/2006.0/RPMS/xorg-x11-xauth-6.9.0-5.9.20060mdk.x86_64.rpm b34e978f93bb8b219d83267abac98674 x86_64/2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.9.20060mdk.x86_64.rpm fed4590b44f0b59fe78b41fefedc1891 x86_64/2006.0/RPMS/xorg-x11-xfs-6.9.0-5.9.20060mdk.x86_64.rpm 25d83c3b26e0a429ea9a0dca889af6f0 x86_64/2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.9.20060mdk.x86_64.rpm a466543fca0e43341d993d70f458f2ee x86_64/2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.9.20060mdk.x86_64.rpm 8b63d5f0768bda693408d25d1b121e46 x86_64/2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.9.20060mdk.x86_64.rpm 47cc5a6fd1eecb2679b5a623b9ddfe64 x86_64/2006.0/SRPMS/xorg-x11-6.9.0-5.9.20060mdk.src.rpm Corporate 3.0: a9450f3155f8823499fe957c2dd5482a corporate/3.0/RPMS/libxfree86-4.3-32.7.C30mdk.i586.rpm dfa43f7a45a823527c0009f501c85041 corporate/3.0/RPMS/libxfree86-devel-4.3-32.7.C30mdk.i586.rpm 8679c26c2afc856d6b015ac1f732c999 corporate/3.0/RPMS/libxfree86-static-devel-4.3-32.7.C30mdk.i586.rpm f28232feaf28bc7ad8f8ef8347dbb6a9 corporate/3.0/RPMS/X11R6-contrib-4.3-32.7.C30mdk.i586.rpm f3c7a17ff728d8b47747e53ac757f444 corporate/3.0/RPMS/XFree86-100dpi-fonts-4.3-32.7.C30mdk.i586.rpm 50ca357364f011b414b4f66630e674b7 corporate/3.0/RPMS/XFree86-4.3-32.7.C30mdk.i586.rpm df154521f2fbe721b93b6d1ad3a3eb9b corporate/3.0/RPMS/XFree86-75dpi-fonts-4.3-32.7.C30mdk.i586.rpm dd806dd6b8ab801a44df03c1d9d6f66f corporate/3.0/RPMS/XFree86-cyrillic-fonts-4.3-32.7.C30mdk.i586.rpm 281882ee8ec4f6798e3fec2c075b0d8e corporate/3.0/RPMS/XFree86-doc-4.3-32.7.C30mdk.i586.rpm d4d1a7c34ce535915fdfc31ee2fe1f7f corporate/3.0/RPMS/XFree86-glide-module-4.3-32.7.C30mdk.i586.rpm 75994a655bfe6e08b979a68972f6e51c corporate/3.0/RPMS/XFree86-server-4.3-32.7.C30mdk.i586.rpm f1057204fca95decacdfe85a6b8c5906 corporate/3.0/RPMS/XFree86-xfs-4.3-32.7.C30mdk.i586.rpm c71dfaa88405aecc32fcabe47e1c53af corporate/3.0/RPMS/XFree86-Xnest-4.3-32.7.C30mdk.i586.rpm 9cbc4bf866de30681b7fb0cb4614a06d corporate/3.0/RPMS/XFree86-Xvfb-4.3-32.7.C30mdk.i586.rpm c753f021aa04063be981ad656072b615 corporate/3.0/SRPMS/XFree86-4.3-32.7.C30mdk.src.rpm Corporate 3.0/X86_64: 48112a9314130b94a6c94c0543ea13de x86_64/corporate/3.0/RPMS/lib64xfree86-4.3-32.7.C30mdk.x86_64.rpm 8dd0ede32cdbb8edf8a5485052a0a6f1 x86_64/corporate/3.0/RPMS/lib64xfree86-devel-4.3-32.7.C30mdk.x86_64.rpm 4f87c1f85b61d34ec778b57f33113598 x86_64/corporate/3.0/RPMS/lib64xfree86-static-devel-4.3-32.7.C30mdk.x86_64.rpm ea4b88d183e635016c2c0dc1e32618b5 x86_64/corporate/3.0/RPMS/X11R6-contrib-4.3-32.7.C30mdk.x86_64.rpm a88f094df62055d0f507de22931cd076 x86_64/corporate/3.0/RPMS/XFree86-100dpi-fonts-4.3-32.7.C30mdk.x86_64.rpm 43ff4255335fd98864614d57ee6abfd5 x86_64/corporate/3.0/RPMS/XFree86-4.3-32.7.C30mdk.x86_64.rpm 1517b72ee57688326bde5b7041b0312f x86_64/corporate/3.0/RPMS/XFree86-75dpi-fonts-4.3-32.7.C30mdk.x86_64.rpm 9fcee06cbffe64bcca20c94d295b02d8 x86_64/corporate/3.0/RPMS/XFree86-cyrillic-fonts-4.3-32.7.C30mdk.x86_64.rpm f1712867f17668e3de3664c16284cde6 x86_64/corporate/3.0/RPMS/XFree86-doc-4.3-32.7.C30mdk.x86_64.rpm 17cf639b7aa1fcd153b6f7c85c77b401 x86_64/corporate/3.0/RPMS/XFree86-server-4.3-32.7.C30mdk.x86_64.rpm b7377bcb482b977684e60c5cb473d513 x86_64/corporate/3.0/RPMS/XFree86-xfs-4.3-32.7.C30mdk.x86_64.rpm 67491c7d711c1abcfd746c1f4d4c99b1 x86_64/corporate/3.0/RPMS/XFree86-Xnest-4.3-32.7.C30mdk.x86_64.rpm d66e63dce8c577ea71eaa44f638f2a5e x86_64/corporate/3.0/RPMS/XFree86-Xvfb-4.3-32.7.C30mdk.x86_64.rpm c753f021aa04063be981ad656072b615 x86_64/corporate/3.0/SRPMS/XFree86-4.3-32.7.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================