X11 xterm program contains a locally exploitable buffer overflow

xfree86-xterm-xaw (963)

High Risk

Description:

The xterm program in XFree86 and several other X11 distributions is vulnerable to a buffer overflow. A local attacker can overflow a buffer to gain root privileges.

Platforms Affected:

• SGI, IRIX 3.2
• SGI, IRIX 3.3
• SGI, IRIX 3.3.1
• SGI, IRIX 3.3.2
• SGI, IRIX 3.3.3
• SGI, IRIX 4.0
• SGI, IRIX 4.0.1
• SGI, IRIX 4.0.1t
• SGI, IRIX 4.0.2
• SGI, IRIX 4.0.3
• SGI, IRIX 4.0.4
• SGI, IRIX 4.0.4b
• SGI, IRIX 4.0.4t
• SGI, IRIX 4.0.5
• SGI, IRIX 4.0.5a
• SGI, IRIX 4.0.5b
• SGI, IRIX 4.0.5d
• SGI, IRIX 4.0.5e
• SGI, IRIX 4.0.5f
• SGI, IRIX 4.0.5g
• SGI, IRIX 4.0.5h
• SGI, IRIX 4.0.5_iop
• SGI, IRIX 4.0.5_ipr
• SGI, IRIX 5.0
• SGI, IRIX 5.0.1
• SGI, IRIX 5.1
• SGI, IRIX 5.1.1
• SGI, IRIX 5.2
• SGI, IRIX 5.3 XFS
• SGI, IRIX 5.3
• SGI, IRIX 6.0
• SGI, IRIX 6.0.1
• SGI, IRIX 6.1
• SGI, IRIX 6.2
• SGI, IRIX 6.3
• SGI, IRIX 6.4
• SGI, IRIX 6.5
• X.Org, X11

Remedy:

This vulnerability has been observed in all releases of X11 from the Open Group up to R6.4 and future versions will be corrected. This vulnerability also affects XFree86 up to and including version 3.3.2. Users should obtain and apply patch 1 to remedy this vulnerability or, preferably, upgrade to the latest release available.

Users of affected IRIX systems should apply the appropriate patch for your system, as listed in CIAC Information Bulletin J-010.

IRIX 6.5 users should upgrade version of IRIX (6.5.1 or later) and other users should upgrade to one of the supported versions and then apply the appropriate patch for your system.

Consequences:

Gain Privileges

References:

• Caldera International, Inc. Security Advisory SA-1998.05, Vulnerabilities in the XFree86 3.3 X servers at ftp://ftp.caldera.com/pub/security/OpenLinux/SA-1998.05.txt.
• Caldera International, Inc. Security Advisory SA-1998.11, XFree86 3.3.1 Problems at ftp://ftp.caldera.com/pub/security/OpenLinux/SA-1998.11.txt.
• CERT Vendor-Initiated Bulletin VB-98.04, Vulnerabilities in xterm and Xaw at http://ftp.cerias.purdue.edu/pub/advisories/cert/cert_bulletins/VB-98.04.xterm.Xaw.
• CERT Vendor-Initiated Bulletin VB-98.04, Vulnerabilities in xterm and Xaw at http://ftp.cerias.purdue.edu/pub/advisories/cert/cert_bulletins/VB-98.04.xterm.Xaw.
• CIAC Information Bulletin I-046, Open Group xterm and Xaw Library Vulnerabilities at http://www.ciac.org/ciac/bulletins/i-046.shtml.
• CIAC Information Bulletin J-010, SGI Buffer Overflow Vulnerabilities (xterm(1), Xaw library) at http://ciac.llnl.gov/ciac/bulletins/j-010.shtml.
• SGI Security Advisory 19981002-01-PX, xterm(1) exploitable buffer overflow at ftp://patches.sgi.com/support/free/security/advisories/19981002-01-PX.
• The XFree86 Project, Inc. Security Advisory XFree86-SA-1998:01, xterm and Xaw library vulnerability at ftp://ftp.xfree86.org/pub/XFree86/Security/XFree86-SA-1998:01.asc.
• CVE-1999-0126: SGI IRIX buffer overflow in xterm and Xaw allows root access.

Reported:

Apr 27, 1998

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page