|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
|
Vulnerability Note VU#102441
Multiple X servers fail to properly allocate memory for large pixmaps
OverviewMultiple X Window System servers contain a pixmap memory allocation flaw that may allow local users to execute code with elevated privileges.
I. DescriptionMultiple X Window System server applications share code that may contain a flaw in the memory allocation for large pixmaps. The affected products include the X.Org and XFree86 X server applications, possibly among others.
An integer overflow condition may result in a memory allocation request returning an allocated region that is incorrectly sized. The client may then be able to use the XDrawPoint() and XGetImage() functions to read and write to arbitrary locations in the X server's address space.
II. ImpactA malicious local authenticated attacker may be able to execute arbitrary code with the privileges of the X server.
III. SolutionApply an update
Contact your vendor for updates, fixes, and workarounds.
Systems Affected
| Vendor | Status | Date Updated |
|---|
| Apple Computer, Inc. | Unknown | 7-Sep-2005 |
| Cray Inc. | Unknown | 7-Sep-2005 |
| Debian Linux | Vulnerable | 19-Sep-2005 |
| EMC, Inc. (formerly Data General Corporation) | Unknown | 7-Sep-2005 |
| Engarde Secure Linux | Unknown | 7-Sep-2005 |
| F5 Networks, Inc. | Unknown | 7-Sep-2005 |
| Fedora Project | Vulnerable | 19-Sep-2005 |
| FreeBSD, Inc. | Unknown | 7-Sep-2005 |
| Fujitsu | Unknown | 7-Sep-2005 |
| Gentoo Linux | Vulnerable | 19-Sep-2005 |
| Hewlett-Packard Company | Unknown | 7-Sep-2005 |
| Hitachi | Not Vulnerable | 19-Sep-2005 |
| IBM Corporation | Unknown | 7-Sep-2005 |
| IBM Corporation (zseries) | Unknown | 7-Sep-2005 |
| IBM eServer | Unknown | 7-Sep-2005 |
| Immunix Communications, Inc. | Unknown | 7-Sep-2005 |
| Ingrian Networks, Inc. | Unknown | 7-Sep-2005 |
| Juniper Networks, Inc. | Unknown | 7-Sep-2005 |
| Mandriva, Inc. | Unknown | 7-Sep-2005 |
| Mandriva, Inc. | Vulnerable | 19-Sep-2005 |
| Microsoft Corporation | Unknown | 7-Sep-2005 |
| MontaVista Software, Inc. | Unknown | 7-Sep-2005 |
| NEC Corporation | Unknown | 7-Sep-2005 |
| NetBSD | Unknown | 7-Sep-2005 |
| Novell, Inc. | Unknown | 7-Sep-2005 |
| OpenBSD | Unknown | 7-Sep-2005 |
| Openwall GNU/*/Linux | Unknown | 7-Sep-2005 |
| QNX, Software Systems, Inc. | Unknown | 7-Sep-2005 |
| Red Hat, Inc. | Vulnerable | 29-Sep-2005 |
| Sequent Computer Systems, Inc. | Unknown | 7-Sep-2005 |
| Silicon Graphics, Inc. | Unknown | 7-Sep-2005 |
| Slackware Linux Inc. | Vulnerable | 26-Sep-2005 |
| Sony Corporation | Unknown | 7-Sep-2005 |
| Sun Microsystems, Inc. | Unknown | 7-Sep-2005 |
| SUSE Linux | Vulnerable | 26-Sep-2005 |
| The SCO Group (SCO Linux) | Unknown | 7-Sep-2005 |
| The SCO Group (SCO Unix) | Unknown | 7-Sep-2005 |
| Trustix Secure Linux | Vulnerable | 19-Sep-2005 |
| Turbolinux | Unknown | 7-Sep-2005 |
| Unisys | Unknown | 7-Sep-2005 |
| Wind River Systems, Inc. | Unknown | 7-Sep-2005 |
| xFree86 (distributor of free implementations of X) | Unknown | 3-Nov-2005 |
References
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166859
https://bugs.freedesktop.org/show_bug.cgi?id=594
http://secunia.com/advisories/16777/
http://secunia.com/advisories/16790/
https://rhn.redhat.com/errata/RHSA-2005-329.html
Credit
Thanks to Luke Hutchison and Søren Sandmann Pedersen for reporting this vulnerability.
This document was written by Ken MacInnis.
Other Information
| Date Public | 09/12/2005 |
| Date First Published | 09/13/2005 02:17:26 PM |
| Date Last Updated | 11/03/2005 |
| CERT Advisory | |
| CVE Name | CAN-2005-2495 |
| US-CERT Technical Alerts | |
| Metric | 7.42 |
| Document Revision | 29 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
|
Get Adobe Reader