ISS X-Force Database: xfree86-mitshm-memory-access(8706): XFree86 MIT-SHM allows shared memory access

XFree86 MIT-SHM allows shared memory access

xfree86-mitshm-memory-access (8706)

Medium Risk

Description:

The MIT-SHM extension for XFree86 in some Linux distributions could allow a local attacker to gain read/write access to any shared memory segment on the system.

Consequences:

Gain Access

Remedy:

For Caldera OpenLinux 3.1 and 3.1.1:
Upgrade to the latest XFree86 packages (4.1-12 or later) as listed in Caldera International, Inc. Security Advisory CSSA-2002-009.0. See References.

For Caldera OpenLinux UNIX 8.0.0 :
Upgrade to the latest xserver packages (800a or later) as listed in Caldera International, Inc. Security Advisory CSSA-2002-SCO.14. See References.

For Caldera UnixWare: 7.1.1:
Upgrade to the latest xserver packages (711b or later) as listed in Caldera International, Inc. Security Advisory CSSA-2002-SCO.14.. See References.

For Conectiva Linux 6.0 and 7.0:
Upgrade to the latest XFree86 package, when it becomes available from the Conectiva Linux Security Announcement CLSA-2002:529. See References.

For Conectiva Linux 8.0:
Upgrade to the latest XFree86 package (4.2.0-21U80_2cl or later), when it becomes available from the Conectiva Linux Security Announcement CLSA-2002:529. See References.

For Gentoo Linux:
Upgrade versions x11-base/xfree-4.2.0-r12 and earlier, as listed in Gentoo Linux Security Announcement 2002-10-24 10:00 UTC. See References.

For Red Hat Linux 8.0:
Upgrade to the latest XFree86 package (4.2.1-21 or later), as listed in RHSA-2003:067-19. See References.

For Sun Linux 5.0:
Apply the appropriate patch for your system. Refer to Sun Alert ID: 55602 for more information. See References.

For Debian GNU/Linux 3.0 (woody):
Upgrade to the latest xfree86 package (4.1.0-16woody1 or later), as listed in DSA-380-1. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

Caldera International, Inc. Security Advisory CSSA-2002-009.0: Linux: X server allows access to any shared memory on the system.
Caldera International, Inc. Security Advisory CSSA-2002-SCO.14: Open UNIX 8.0.0 UnixWare 7.1.1 : X server allows access to any shared memory on the system.
CIAC Information Bulletin N-110: Red Hat Updated XFree86 Packages Provide Security and Bug Fixes.
Conectiva Linux Announcement CLSA-2002:529: XFree86.
Gentoo Linux Security Announcement 2002-10-24 10:00 UTC: Shared memory may be compromised by local XFree86 users.
Sun Alert ID: 55602: Sun Linux 5.0 Security Vulnerabilities in XFree86 Packages.
BID-4396: XFree86 MIT-SHM Shared Memory Access Vulnerability
CVE-2002-0164: Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.
DSA-380: xfree86 -- buffer overflows
RHSA-2003-064: Updated XFree86 4.1.0 packages are available
RHSA-2003-065: XFree86 security update
RHSA-2003-066: Updated XFree86 packages provide security and bug fixes
RHSA-2003-067: Updated XFree86 packages provide security and bug fixes

Platforms Affected:

Conectiva Linux 6.0
Conectiva Linux 7.0
Conectiva Linux 8.0
Debian Debian Linux 3.0
Gentoo Linux
RedHat Enterprise Linux 2.1 ES
RedHat Enterprise Linux 2.1 WS
RedHat Enterprise Linux 2.1 AS
RedHat Linux 7
RedHat Linux 7.1
RedHat Linux 7.2
RedHat Linux 7.3
RedHat Linux 8.0
RedHat Linux Advanced Workstation 2.1 Itanium
SCO Caldera OpenLinux Server 3.1
SCO Caldera OpenLinux Server 3.1.1
SCO Caldera OpenLinux Workstation 3.1
SCO Caldera OpenLinux Workstation 3.1.1
SCO Caldera OpenUnix 8.0.0
SCO Caldera UnixWare 7.1.1
Sun Linux 5.0
XFree86 XFree86 4.2.0 and prior

Reported:

Mar 15, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page