Vulnerability Note VU#188507

Low BandWidth X proxy vulnerable to buffer overflow via crafted display command line option

Original Release date: 19 Aug 2002 | Last revised: 19 Aug 2002

Overview

A locally exploitable buffer overflow exists in the Low BandWidth X proxy.

Description

The Low BandWidth X proxy is a component of XFree86 (a freely redistributable open-source implementation of the X Window System). The Low BandWidth X proxy allows applications to transparently take advantage of the Low Bandwidth extension to X (LBX). LBX allows one to make more efficient use of low bandwidth high latency communication links. Quoting from LBX technical specifications:

Low Bandwidth X (LBX) is a network-transparent protocol for running X Window System applications over transport channels whose bandwidth and latency are significantly worse than that used in local area networks. It combines a variety of caching and reencoding techniques to reduce the volume of data that must be sent over the wire. It can be used with existing clients by placing a proxy between the clients and server, so that the low bandwidth/high latency communication occurs between the proxy and server.

The vulnerability manifests itself in the following function:

lbxproxy/di/wire.c:ConnectToServer

Impact

A local attacker can execute arbitrary code with root privileges.

Solution

Apply a vendor patch.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Hewlett-Packard CompanyAffected03 Apr 200219 Aug 2002
Sun Microsystems Inc.Affected-19 Aug 2002
Apple Computer Inc.Not Affected03 Apr 200204 Apr 2002
Cray Inc.Not Affected05 Apr 200211 Apr 2002
FujitsuNot Affected03 Apr 200204 Apr 2002
IBMNot Affected03 Apr 200205 Apr 2002
Lotus Development CorporationNot Affected03 Apr 200212 Jun 2002
NEC CorporationNot Affected03 Apr 200205 Apr 2002
OpenBSDNot Affected03 Apr 200204 Apr 2002
SGINot Affected03 Apr 200211 Apr 2002
XFree86Not Affected15 Apr 200219 Apr 2002
BSDIUnknown03 Apr 200203 Apr 2002
CalderaUnknown03 Apr 200204 Apr 2002
Cisco Systems Inc.Unknown03 Apr 200204 Apr 2002
Compaq Computer CorporationUnknown03 Apr 200204 Apr 2002
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

The CERT/CC thanks Sun Microsystems for reporting this vulnerability to us.

This document was written by Ian A. Finlay.

Other Information

  • CVE IDs: CAN-2002-0090
  • Date Public: 05 Jul 2001
  • Date First Published: 19 Aug 2002
  • Date Last Updated: 19 Aug 2002
  • Severity Metric: 7.50
  • Document Revision: 37

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.