Bug 78169 - vulnerability in the MIT-SHM extension ofXFree86 prior to versions 4.2.1
Summary: vulnerability in the MIT-SHM extension ofXFree86 prior to versions 4.2.1
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: XFree86
Version: 7.2
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Mike A. Harris
QA Contact: David Lawrence
URL: http://www.xfree86.org/security/
Depends On:
Blocks: 78566
TreeView+ depends on / blocked
Reported: 2002-11-19 17:11 UTC by jian liu
Modified: 2007-04-18 16:48 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2003-02-17 10:19:57 UTC

Attachments (Terms of Use)

Description jian liu 2002-11-19 17:11:04 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.4.3 i686)

Description of problem:
quote from http://online.securityfocus.com/advisories/4596: Roberto Zunino
discovered a vulnerability in the MIT-SHM extension of XFree86 prior to versions
4.2.1. The vulnerability allows a local user who can run XFree86 to gain
read/write access to any shared memory segment in the system. Although the use
of shared memory segments to store trusted data is not a common practice, by
exploiting this vulnerability the attacker potentially can get and/or change
sensitive information.

The XFree86 Project fixed the vulnerability in its 4.2.1 release. Please see
http://www.xfree86.org/security/ for details.

Version-Release number of selected component (if applicable):

How reproducible:
Didn't try

Additional info:

Comment 1 Mike A. Harris 2002-11-21 12:37:31 UTC
Does Sun Linux contain a fix for this?

Comment 2 jian liu 2002-11-21 16:28:16 UTC
No, Sun Linux does not contain a fix for this.

Comment 3 Mike A. Harris 2002-11-25 21:35:23 UTC
If sun plans on fixing this, if you could attach the fix you guys end
up using to this bug report, it would be appreciated as well.

Comment 4 jian liu 2002-11-26 19:25:10 UTC
Unfortunately, we don't have a plan to come up with a fix for this bug, at least
not in a short term.

Comment 5 Mike A. Harris 2002-11-26 20:33:59 UTC
Hmm, does that mean Solaris is vulnerable also?

Comment 6 jian liu 2002-12-11 16:38:58 UTC
I'm sorry that I cannot comment on Solaris.

Comment 7 Mike A. Harris 2002-12-15 10:18:47 UTC
No prob, I've had someone else confirm that this affects Solaris also, but
thanks for looking into it.

Comment 8 Mark J. Cox 2003-02-17 10:19:57 UTC
Red Hat Linux 7.3 and 8.0 contained patches for this issue and were not
vulnerable.  As shipped, RHL 7.1 and 7.2 were vulnerable to this
issue, but the errata packages contained fixes for this (the earliest errata
packages with fixes were part of RHBA-2002:068)

Note You need to log in before you can comment on or make changes to this bug.