Executive Summary

Summary
Title Sun Alert 228529 Sun Linux 5.0 Security Vulnerabilities in XFree86 Packages
Informations
Name SUN-228529 First vendor Publication 2010-01-20
Vendor Sun Last vendor Modification 2010-01-20
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Sun Linux 5.0

Vulnerabilities in XFree86 packages may allow local or remote unauthorized users the ability to do the following:

1. xterm(1), provided as part of the XFree86 packages, provides an escape sequence for reporting the current window title. This escape sequence takes the current title and places it directly on the command line. An unauthorized local or remote user can create an escape sequence that sets the Xterm window title to an arbitrary command, and then reports it to the command line. Since it is not possible to embed a carriage return into the window title, the unauthorized user would then have to convince the user to press Enter for the shell to process the title as a command.

2. It is possible for a local or remote unauthorized user to lock up xterm(1) by sending an invalid "DEC UDK" escape sequence.

3. The xdm(1) display manager, with the "authComplain" set to false, allows unauthorized local or remote users to connect to the X server if the xdm(1) auth directory does not exist. (Reference the xdm manpages for the default values of authComplain and auth directory.)

4. A vulnerability in the "MIT-SHM" extension of the X server may allow local users to read and write shared memory.

5. The X server may set the "/dev/dri" directory permissions incorrectly. Since the "/dev/dri" is under the root filesystem and has world write permissions, local unprivileged users can create files in the root filesystem.

Please see the following CVE issues for more details:

State: Resolved
First released: 25-Jul-2003

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_228529_sun_linux

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-41 Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CAPEC-81 Web Logs Tampering
CAPEC-93 Log Injection-Tampering-Forging

CWE : Common Weakness Enumeration

% Id Name

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 2
Application 7
Application 1

OpenVAS Exploits

Date Description
2010-05-12 Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2009-01-07 Name : Fedora Core 9 FEDORA-2009-0059 (xterm)
File : nvt/fcore_2009_0059.nasl
2009-01-07 Name : Fedora Core 10 FEDORA-2009-0091 (xterm)
File : nvt/fcore_2009_0091.nasl
2009-01-07 Name : Fedora Core 8 FEDORA-2009-0154 (xterm)
File : nvt/fcore_2009_0154.nasl
2009-01-07 Name : FreeBSD Ports: xterm
File : nvt/freebsd_xterm.nasl
2008-01-17 Name : Debian Security Advisory DSA 380-1 (xfree86)
File : nvt/deb_380_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
60459 XFree xterm DEC UDK Processing Feature Window Title Escape Sequence DoS

60279 XFree86 xterm Window Title Escape Sequence Arbitrary Command Execution

14301 XFree86 MIT-SHM Extension Arbitrary Memory Access

11886 XFree86 Xserver dexconf /dev/dri Weak Permission Privilege Escalation

11758 XDM authComplain Variable Connection Restriction Bypass

Nessus® Vulnerability Scanner

Date Description
2010-03-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-0091.nasl - Type : ACT_GATHER_INFO
2009-01-16 Name : The remote Fedora host is missing a security update.
File : fedora_2009-0059.nasl - Type : ACT_GATHER_INFO
2009-01-16 Name : The remote Fedora host is missing a security update.
File : fedora_2009-0154.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-380.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2003-065.nasl - Type : ACT_GATHER_INFO
2003-10-16 Name : The remote server is affected by multiple local privilege escalation vulnerab...
File : openserver_overflows.nasl - Type : ACT_GATHER_INFO