[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] SCOSA-2006.14 OpenServer 6.0.0 : X.Org X Server Arbitrary Code Execution Vulnerability

-- 
Dr. Ronald Joe Record
Chief Security Officer
SCO
rr@xxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 6.0.0 : X.Org X Server Arbitrary Code 
Execution Vulnerability
Advisory number:        SCOSA-2006.14
Issue date:             2006 March 16
Cross reference:        fz532984
                        CVE-2005-2495 
                        VU#102441 
______________________________________________________________________________


1. Problem Description

        Multiple X Window System server applications share code
        that may contain a flaw in the memory allocation for large
        pixmaps. The affected products include the X.Org X server 
        applications.
        
        An integer overflow condition may result in a memory allocation
        request returning an allocated region that is incorrectly
        sized. The client may then be able to use the XDrawPoint()
        and XGetImage() functions to read and write to arbitrary
        locations in the X server's address space.
        
        A malicious local authenticated attacker may be able to
        execute arbitrary code with the privileges of the X server.
        
        The Common Vulnerabilities and Exposures project
        (cve.mitre.org) has assigned the name CVE-2005-2495 to
        this issue.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        OpenServer 6.0.0                XORGServer package


3. Solution

        The proper solution is to install the latest packages.


4. OpenServer 6.0.0

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.iso


        4.2 Verification

        MD5 (osr600mp2.iso) = 7e560dcde374eb60df2b4a599ac20d8a

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        4.3 Installing Fixed Binaries

        See the SCO OpenServer Release 6.0.0 Maintenance Pack 2 Release
        and Installation Notes:

        ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.html


5. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2495
                http://www.kb.cert.org/vuls/id/102441 
                https://bugs.freedesktop.org/show_bug.cgi?id=594 
                http://secunia.com/advisories/16790/ 
                http://secunia.com/advisories/16777/

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents fz532984.


6. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.


7. Acknowledgments

        Thanks to Luke Hutchison and Søren Sandmann Pedersen for reporting
        this vulnerability.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (SCO_SV)

iD8DBQFEGcnSaqoBO7ipriERAnujAJ9ZaNb+8CBGF/WlMM8sZFfxzSxPrwCePpaI
m3yj3A369pIAJ4mnk1WZaAw=
=DgP7
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/