Executive Summary
| Summary | |
|---|---|
| Title | Sun Alert 228529 Sun Linux 5.0 Security Vulnerabilities in XFree86 Packages |
| Informations | |||
|---|---|---|---|
| Name | SUN-228529 | First vendor Publication | 2010-01-20 |
| Vendor | Sun | Last vendor Modification | 2010-01-20 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Product: Sun Linux 5.0 Vulnerabilities in XFree86 packages may allow local or remote unauthorized users the ability to do the following: 1. xterm(1), provided as part of the XFree86 packages, provides an escape sequence for reporting the current window title. This escape sequence takes the current title and places it directly on the command line. An unauthorized local or remote user can create an escape sequence that sets the Xterm window title to an arbitrary command, and then reports it to the command line. Since it is not possible to embed a carriage return into the window title, the unauthorized user would then have to convince the user to press Enter for the shell to process the title as a command. 2. It is possible for a local or remote unauthorized user to lock up xterm(1) by sending an invalid "DEC UDK" escape sequence. 3. The xdm(1) display manager, with the "authComplain" set to false, allows unauthorized local or remote users to connect to the X server if the xdm(1) auth directory does not exist. (Reference the xdm manpages for the default values of authComplain and auth directory.) 4. A vulnerability in the "MIT-SHM" extension of the X server may allow local users to read and write shared memory. 5. The X server may set the "/dev/dri" directory permissions incorrectly. Since the "/dev/dri" is under the root filesystem and has world write permissions, local unprivileged users can create files in the root filesystem. Please see the following CVE issues for more details:
State: Resolved First released: 25-Jul-2003 |
Original Source
| Url : http://blogs.sun.com/security/entry/sun_alert_228529_sun_linux |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-41 | Using Meta-characters in E-mail Headers to Inject Malicious Payloads |
| CAPEC-81 | Web Logs Tampering |
| CAPEC-93 | Log Injection-Tampering-Forging |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
| 2009-01-07 | Name : Fedora Core 9 FEDORA-2009-0059 (xterm) File : nvt/fcore_2009_0059.nasl |
| 2009-01-07 | Name : Fedora Core 10 FEDORA-2009-0091 (xterm) File : nvt/fcore_2009_0091.nasl |
| 2009-01-07 | Name : Fedora Core 8 FEDORA-2009-0154 (xterm) File : nvt/fcore_2009_0154.nasl |
| 2009-01-07 | Name : FreeBSD Ports: xterm File : nvt/freebsd_xterm.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 380-1 (xfree86) File : nvt/deb_380_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 60459 | XFree xterm DEC UDK Processing Feature Window Title Escape Sequence DoS |
| 60279 | XFree86 xterm Window Title Escape Sequence Arbitrary Command Execution |
| 14301 | XFree86 MIT-SHM Extension Arbitrary Memory Access |
| 11886 | XFree86 Xserver dexconf /dev/dri Weak Permission Privilege Escalation |
| 11758 | XDM authComplain Variable Connection Restriction Bypass |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-0091.nasl - Type : ACT_GATHER_INFO |
| 2009-01-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-0059.nasl - Type : ACT_GATHER_INFO |
| 2009-01-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-0154.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-380.nasl - Type : ACT_GATHER_INFO |
| 2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2003-065.nasl - Type : ACT_GATHER_INFO |
| 2003-10-16 | Name : The remote server is affected by multiple local privilege escalation vulnerab... File : openserver_overflows.nasl - Type : ACT_GATHER_INFO |
