From Bugzilla Helper: User-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.4.3 i686) Description of problem: quote from http://online.securityfocus.com/advisories/4596: Roberto Zunino discovered a vulnerability in the MIT-SHM extension of XFree86 prior to versions 4.2.1. The vulnerability allows a local user who can run XFree86 to gain read/write access to any shared memory segment in the system. Although the use of shared memory segments to store trusted data is not a common practice, by exploiting this vulnerability the attacker potentially can get and/or change sensitive information. The XFree86 Project fixed the vulnerability in its 4.2.1 release. Please see http://www.xfree86.org/security/ for details. Version-Release number of selected component (if applicable): How reproducible: Didn't try Additional info:
Does Sun Linux contain a fix for this?
No, Sun Linux does not contain a fix for this.
If sun plans on fixing this, if you could attach the fix you guys end up using to this bug report, it would be appreciated as well.
Unfortunately, we don't have a plan to come up with a fix for this bug, at least not in a short term.
Hmm, does that mean Solaris is vulnerable also?
I'm sorry that I cannot comment on Solaris.
No prob, I've had someone else confirm that this affects Solaris also, but thanks for looking into it.
Red Hat Linux 7.3 and 8.0 contained patches for this issue and were not vulnerable. As shipped, RHL 7.1 and 7.2 were vulnerable to this issue, but the errata packages contained fixes for this (the earliest errata packages with fixes were part of RHBA-2002:068)