headers
Ademar de Souza Reis Jr. | 2 Oct 23:27
Picon
Favicon

XFree86 MIT-SHM vulnerability

Hello everyone.

I didn't see fixes for the MIT-SHM vulnerability from any vendor besides
the Caldera update for XFree86-4.1.2 from March:
http://old.lwn.net/alerts/Caldera/CSSA-2002-009.0.php3

The point is that, as far as I can understand, even that fix is not
complete, as stated in the XFree86 security page:
(http://www.xfree86.org/security/)

* The MIT-SHM update in 4.2.1 is incomplete as the case where the X
  server is started from xdm was not handled. A more complete fix from
  the XFree86 trunk has been committed to the xf-4_2-branch branch.
  A source patch against 4.2.1 is available on the XFree86 FTP site.

So, any vendor planning a (new) release for this vulnerability?
Or maybe someone released something and I'm blind?

Anyway, the new patch mentioned definetely fails to apply in 4.0.3.
I didn't investigate it and if someone is working on it, please tell me
(otherwise I'll do it by myself :-).

Still talking about XFree86, I didn't see advisories/fixes from all vendors
(except SuSE, IIRC) for the xlib i18n local vulnerability... Any special
reason for this delay?

I don't know if it's just my feeling, but looks like everyone is "afraid" of
updating XFree86 :-). The MIT-SHM and the xlib i18n vulns sound very dangerous
to me, and I remember an old issue about using large fonts to cause
a serious DoS (mozilla was a vector for the attack - it's fixed already -, but
(Continue reading)

Permalink | Reply |
headers
Ademar de Souza Reis Jr. | 3 Oct 21:36
Picon
Favicon

Re: XFree86 MIT-SHM vulnerability

On Wed, Oct 02, 2002 at 06:27:12PM -0300, Ademar de Souza Reis Jr. wrote:
> Anyway, the new patch mentioned definetely fails to apply in 4.0.3.
> I didn't investigate it and if someone is working on it, please tell me
> (otherwise I'll do it by myself :-).

Actually the backport was very easy...

Patches for 4.0.3 and 4.0.1 attached FYI.
(I'm compiling XFree86 right now, they're not tested).

-- 
Ademar de Souza Reis Jr. <ademar@...>

^[:wq!

diff -ur XFree86-4.0.3-orig/xc/config/cf/FreeBSD.cf XFree86-4.0.3/xc/config/cf/FreeBSD.cf
--- XFree86-4.0.3-orig/xc/config/cf/FreeBSD.cf	Fri Mar  2 19:55:19 2001
+++ XFree86-4.0.3/xc/config/cf/FreeBSD.cf	Thu Oct  3 14:32:49 2002
@@ -131,6 +131,10 @@
 #define HasSetUserContext	YES
 #endif

+#if OSMajorVersion >= 5 || (OSMajorVersion == 4 && OSMinorVersion >= 6) 
+#define HasGetpeereid		YES
+#endif
+
 /* 3.3(?) and later has support for setting MTRRs */
 #ifndef HasMTRRSupport
 #if OSMajorVersion > 3 || (OSMajorVersion == 3 && OSMinorVersion >= 3)
(Continue reading)

Permalink | Reply |

Gmane