XFree86 X11 library (libX11.so) LD_PRELOAD setuid program execution

xfree86-x11-program-execution (10137)

Medium Risk

Description:

A vulnerability in the XFree86 X11 library (libX11.so) could allow a local attacker to load and execute malicious programs on the system with elevated privileges. A local attacker could specify a path to a malicious file to be loaded using the LD_PRELOAD environment variable. This program would be linked to the X11 library, which could allow the attacker to execute code on the system under another user's privileges, possibly root.

Platforms Affected:

• Conectiva, Linux 8.0
• RedHat, Linux 7.3
• RedHat, Linux 8.0
• SuSE, SuSE Linux 8.0
• XFree86, XFree86 4.2.0 and prior

Remedy:

Upgrade to the latest version of XFree86 (4.2.1 or later), available from the XFree86 Web site. See References.

For SuSE Linux 8.0:
Upgrade to the latest XFree86 package (4.2.0-174 or later), as listed in SuSE Security Announcement SuSE-SA:2002:032. See References.

For Conectiva Linux 8.0:
Upgrade to the latest XFree86 package (4.2.0-21U80_2cl or later), as listed in Conectiva Linux Announcement CLSA-2002:529. See References.

For Red Hat Linux 8.0:
Upgrade to the latest XFree86 package (4.2.1-21 or later), as listed in RHSA-2003:067-19. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Privileges

References:

• CIAC Information Bulletin N-110, Red Hat Updated XFree86 Packages Provide Security and Bug Fixes at http://www.ciac.org/ciac/bulletins/n-110.shtml.
• Conectiva Linux Announcement CLSA-2002:529, XFree86 at http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000529.
• XFree86 Web site, XFree86(TM): Home Page at http://www.xfree86.org/security/.
• XFree86 Web site, XFree86 Security Issues at http://www.xfree86.org/security/.
• BID-5735: XFree86 libX11.so Local Privilege Escalation Vulnerability
• CVE-2002-1472: Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.
• OSVDB ID: 11922: XFree86 libX11.so LD_PRELOAD Privilege Escalation
• RHSA-2003-066: Updated XFree86 packages provide security and bug fixes
• RHSA-2003-067: Updated XFree86 packages provide security and bug fixes

Reported:

Sep 18, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page