Bug 78169

Summary: vulnerability in the MIT-SHM extension ofXFree86 prior to versions 4.2.1
Product: [Retired] Red Hat Linux Reporter: jian liu <jian.liu>
Component: XFree86Assignee: Mike A. Harris <mharris>
Status: CLOSED ERRATA QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.2Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
URL: http://www.xfree86.org/security/
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-02-17 10:19:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 78566    

Description jian liu 2002-11-19 17:11:04 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.4.3 i686)

Description of problem:
quote from http://online.securityfocus.com/advisories/4596: Roberto Zunino
discovered a vulnerability in the MIT-SHM extension of XFree86 prior to versions
4.2.1. The vulnerability allows a local user who can run XFree86 to gain
read/write access to any shared memory segment in the system. Although the use
of shared memory segments to store trusted data is not a common practice, by
exploiting this vulnerability the attacker potentially can get and/or change
sensitive information.

The XFree86 Project fixed the vulnerability in its 4.2.1 release. Please see
http://www.xfree86.org/security/ for details.


Version-Release number of selected component (if applicable):


How reproducible:
Didn't try


Additional info:
Comment 1 Mike A. Harris 2002-11-21 12:37:31 UTC 
Does Sun Linux contain a fix for this?
Comment 2 jian liu 2002-11-21 16:28:16 UTC 
No, Sun Linux does not contain a fix for this.
Comment 3 Mike A. Harris 2002-11-25 21:35:23 UTC 
If sun plans on fixing this, if you could attach the fix you guys end
up using to this bug report, it would be appreciated as well.
Comment 4 jian liu 2002-11-26 19:25:10 UTC 
Unfortunately, we don't have a plan to come up with a fix for this bug, at least
not in a short term.
Comment 5 Mike A. Harris 2002-11-26 20:33:59 UTC 
Hmm, does that mean Solaris is vulnerable also?
Comment 6 jian liu 2002-12-11 16:38:58 UTC 
I'm sorry that I cannot comment on Solaris.
Comment 7 Mike A. Harris 2002-12-15 10:18:47 UTC 
No prob, I've had someone else confirm that this affects Solaris also, but
thanks for looking into it.
Comment 8 Mark J. Cox 2003-02-17 10:19:57 UTC 
Red Hat Linux 7.3 and 8.0 contained patches for this issue and were not
vulnerable.  As shipped, RHL 7.1 and 7.2 were vulnerable to this
issue, but the errata packages contained fixes for this (the earliest errata
packages with fixes were part of RHBA-2002:068)