Bug 78169 - vulnerability in the MIT-SHM extension of XFree86 prior to versions 4.2.1
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: XFree86
7.2
i386 Linux
medium Severity medium
Assigned To: Mike A. Harris
David Lawrence
http://www.xfree86.org/security/
: Security
Blocks: 78566
Reported: 2002-11-19 12:11 EST by jian liu
Modified: 2007-04-18 12:48 EDT
Doc Type: Bug Fix
Last Closed: 2003-02-17 05:19:57 EST
Description jian liu 2002-11-19 12:11:04 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.4.3 i686)

Description of problem:
quote from http://online.securityfocus.com/advisories/4596: Roberto Zunino
discovered a vulnerability in the MIT-SHM extension of XFree86 prior to versions
4.2.1. The vulnerability allows a local user who can run XFree86 to gain
read/write access to any shared memory segment in the system. Although the use
of shared memory segments to store trusted data is not a common practice, by
exploiting this vulnerability the attacker potentially can get and/or change
sensitive information.

The XFree86 Project fixed the vulnerability in its 4.2.1 release. Please see
http://www.xfree86.org/security/ for details.


Version-Release number of selected component (if applicable):


How reproducible:
Didn't try


Additional info:
Comment 1 Mike A. Harris 2002-11-21 07:37:31 EST
Does Sun Linux contain a fix for this?
Comment 2 jian liu 2002-11-21 11:28:16 EST
No, Sun Linux does not contain a fix for this.
Comment 3 Mike A. Harris 2002-11-25 16:35:23 EST
If Sun plans on fixing this, if you could attach the fix you guys end
up using to this bug report, it would be appreciated as well.

Comment 4 jian liu 2002-11-26 14:25:10 EST
Unfortunately, we don't have a plan to come up with a fix for this bug, at least
not in the short term.
Comment 5 Mike A. Harris 2002-11-26 15:33:59 EST
Hmm, does that mean Solaris is vulnerable also?
Comment 6 jian liu 2002-12-11 11:38:58 EST
I'm sorry that I cannot comment on Solaris.
Comment 7 Mike A. Harris 2002-12-15 05:18:47 EST
No prob, I've had someone else confirm that this affects Solaris also, but
thanks for looking into it.
Comment 8 Mark J. Cox (Product Security) 2003-02-17 05:19:57 EST
Red Hat Linux 7.3 and 8.0 contained patches for this issue and were not
vulnerable.  As shipped, RHL 7.1 and 7.2 were vulnerable to this
issue, but the errata packages contained fixes for this (the earliest errata
packages with fixes were part of RHBA-2002:068).