Vulnerability Note VU#188507
Low BandWidth X proxy vulnerable to buffer overflow via crafted display command line option
A locally exploitable buffer overflow exists in the Low BandWidth X proxy.
The Low BandWidth X proxy is a component of XFree86 (a freely redistributable open-source implementation of the X Window System). The Low BandWidth X proxy allows applications to transparently take advantage of the Low Bandwidth extension to X (LBX). LBX makes more efficient use of low-bandwidth, high-latency communication links. Quoting from the LBX technical specification:
Low Bandwidth X (LBX) is a network-transparent protocol for running X Window System applications over transport channels whose bandwidth and latency are significantly worse than that used in local area networks. It combines a variety of caching and reencoding techniques to reduce the volume of data that must be sent over the wire. It can be used with existing clients by placing a proxy between the clients and server, so that the low bandwidth/high latency communication occurs between the proxy and server.
A local attacker can execute arbitrary code with root privileges.
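The defect class described above is a fixed-size buffer filled from a command-line argument without a length check: a crafted `-display` value longer than the buffer overwrites adjacent memory, and because the proxy runs with root privileges the overflow yields root. The following is an added illustration written for this note, not the lbxproxy source or the vendor's patch; the buffer size, function names and the minimal `host:display` shape check are constructed for the example. It shows the bounded form of the copy that a fix of this kind needs.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Maximum accepted length of a display string (host:display.screen).
 * Constructed limit for this example; not taken from lbxproxy. */
#define DISPLAY_MAX 256

/* Copy a -display argument into a fixed buffer with an explicit bound.
 * The unsafe pattern this replaces is an unbounded strcpy(buf, arg):
 * an argument longer than the buffer runs past its end, which is the
 * class of bug this note describes.
 * Returns 0 on success, -1 if the argument does not fit or is malformed. */
int copy_display_arg(const char *arg, char *buf, size_t buflen)
{
    if (arg == NULL || buf == NULL || buflen == 0)
        return -1;

    /* Measure the argument, but never scan further than the buffer could hold. */
    size_t len = 0;
    while (len < buflen && arg[len] != '\0')
        len++;
    if (len >= buflen)            /* no room left for the terminating NUL */
        return -1;

    /* Minimal shape check: a display string carries a ':' between host and number. */
    if (strchr(arg, ':') == NULL)
        return -1;

    memcpy(buf, arg, len + 1);    /* len + 1 copies the NUL as well */
    return 0;
}

/* Locate "-display <value>" in argv and copy the value with the bound applied.
 * Returns 0 on success, -1 if the option is absent, oversized or malformed. */
int parse_display_option(int argc, char **argv, char *out, size_t outlen)
{
    for (int i = 1; i + 1 < argc; i++) {
        if (strcmp(argv[i], "-display") == 0)
            return copy_display_arg(argv[i + 1], out, outlen);
    }
    return -1;
}

int main(int argc, char **argv)
{
    char display[DISPLAY_MAX];
    if (parse_display_option(argc, argv, display, sizeof display) == 0) {
        printf("display = %s\n", display);
        return 0;
    }
    fprintf(stderr, "usage: %s -display host:N[.S] (at most %d bytes)\n",
            argv[0], DISPLAY_MAX - 1);
    return 1;
}
```

The important property is that the length check happens against the destination size before any byte is written; rejecting oversized input with an error is the correct behaviour for a privileged program, since silently truncating could still leave a malformed display string in use.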
Apply a vendor patch.
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Hewlett-Packard Company | Affected | 03 Apr 2002 | 19 Aug 2002 |
| Sun Microsystems Inc. | Affected | - | 19 Aug 2002 |
| Apple Computer Inc. | Not Affected | 03 Apr 2002 | 04 Apr 2002 |
| Cray Inc. | Not Affected | 05 Apr 2002 | 11 Apr 2002 |
| Fujitsu | Not Affected | 03 Apr 2002 | 04 Apr 2002 |
| IBM | Not Affected | 03 Apr 2002 | 05 Apr 2002 |
| Lotus Development Corporation | Not Affected | 03 Apr 2002 | 12 Jun 2002 |
| NEC Corporation | Not Affected | 03 Apr 2002 | 05 Apr 2002 |
| OpenBSD | Not Affected | 03 Apr 2002 | 04 Apr 2002 |
| SGI | Not Affected | 03 Apr 2002 | 11 Apr 2002 |
| XFree86 | Not Affected | 15 Apr 2002 | 19 Apr 2002 |
| BSDI | Unknown | 03 Apr 2002 | 03 Apr 2002 |
| Caldera | Unknown | 03 Apr 2002 | 04 Apr 2002 |
| Cisco Systems Inc. | Unknown | 03 Apr 2002 | 04 Apr 2002 |
| Compaq Computer Corporation | Unknown | 03 Apr 2002 | 04 Apr 2002 |
The CERT/CC thanks Sun Microsystems for reporting this vulnerability to us.
This document was written by Ian A. Finlay.
- CVE IDs: CAN-2002-0090
- Date Public: 05 Jul 2001
- Date First Published: 19 Aug 2002
- Date Last Updated: 19 Aug 2002
- Severity Metric: 7.50
- Document Revision: 37