Vulnerability Note VU#169059

X11 vulnerable to buffer overflow in handling of -xrm option

Overview

The X11 library included with many UNIX variants contains a buffer-overflow vulnerability that may allow attackers to gain root privileges.

I. Description

The X11 library contains an unspecified buffer-overflow vulnerability. Programs that use this library and accept the -xrm option (including xterm) also contain this vulnerability.

II. Impact

Attackers may be able to gain root privileges by exploiting affected setuid root programs (such as xterm) that use the X11 library.

III. Solution

Apply a patch

See the Systems Affected section for details, or contact your vendor directly.
None.

Systems Affected

Vendor	Status	Date Notified
Apple Computer Inc.	Not Vulnerable	16-Sep-2002
Hewlett-Packard Company	Not Vulnerable	24-Mar-2003
MontaVista Software	Not Vulnerable	16-Sep-2002
Openwall GNU/*/Linux	Not Vulnerable	16-Sep-2002
The SCO Group (SCO UnixWare)	Vulnerable	13-Sep-2002

References

http://ciac.llnl.gov/ciac/bulletins/h-92a.shtml
ftp://ftp.x.org/pub/R6.3/fixes/fix-02
http://stage.caldera.com/support/security/
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.15/CSSA-2002-SCO.15.txt

Credit

Thanks to jG gM for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

Date Public:	97-05-28
Date First Published:	2002-09-16
Date Last Updated:	2003-03-24
CERT Advisory:
CVE-ID(s):	CAN-2002-0517
NVD-ID(s):	CAN-2002-0517
US-CERT Technical Alerts:
Metric:	6.78
Document Revision:	15

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader