Red Hat Bugzilla – Bug 78169
vulnerability in the MIT-SHM extension ofXFree86 prior to versions 4.2.1
Last modified: 2007-04-18 12:48:34 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.4.3 i686)
Description of problem:
quote from http://online.securityfocus.com/advisories/4596: Roberto Zunino
discovered a vulnerability in the MIT-SHM extension of XFree86 prior to versions
4.2.1. The vulnerability allows a local user who can run XFree86 to gain
read/write access to any shared memory segment in the system. Although the use
of shared memory segments to store trusted data is not a common practice, by
exploiting this vulnerability the attacker potentially can get and/or change
The XFree86 Project fixed the vulnerability in its 4.2.1 release. Please see
http://www.xfree86.org/security/ for details.
Version-Release number of selected component (if applicable):
Does Sun Linux contain a fix for this?
No, Sun Linux does not contain a fix for this.
If sun plans on fixing this, if you could attach the fix you guys end
up using to this bug report, it would be appreciated as well.
Unfortunately, we don't have a plan to come up with a fix for this bug, at least
not in a short term.
Hmm, does that mean Solaris is vulnerable also?
I'm sorry that I cannot comment on Solaris.
No prob, I've had someone else confirm that this affects Solaris also, but
thanks for looking into it.
Red Hat Linux 7.3 and 8.0 contained patches for this issue and were not
vulnerable. As shipped, RHL 7.1 and 7.2 were vulnerable to this
issue, but the errata packages contained fixes for this (the earliest errata
packages with fixes were part of RHBA-2002:068)