漏洞信息详情
XFree86 MIT-SHM共享内存访问漏洞
- CNNVD编号:CNNVD-200203-033
- 危害等级: 中危
- CVE编号: CVE-2002-0164
- 漏洞类型: 访问验证错误
- 发布时间: 2002-03-15
- 威胁类型: 本地
- 更新时间: 2010-01-28
- 厂 商: caldera
- 漏洞来源: Roberto Zunino.
漏洞简介
XFree86 MIT-SHM扩展为X进程提供SYSTEM V共享内存。如为XImages提供共享内存机制,ximage接口的实际图象数据存储在共享内存段,这样就不用通过XLib中间进程通信通道进行图象存储操作,对于处理大型图象,使用这个功能可以提供系统性能。 XFree86 MIT-SHM扩展存在访问控制问题,本地攻击者可以利用这个漏洞读/写任意共享内存,提升权限。 XFree86 MIT-SHM扩展存在问题允许本地X用户读和写系统中任意共享内存段地址,使用精心构建的地址覆盖共享内存段,使的非特权X用户可以以XFree86进程权限在系统上执行任意指令。
漏洞公告
厂商补丁: Caldera ------- Caldera已经为此发布了两个安全公告(CSSA-2002-SCO.14)和(CSSA-2002-009.0):
CSSA-2002-SCO.14:Open UNIX 8.0.0 UnixWare 7.1.1 : X server allows access to any shared memory on the system
链接:ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14
CSSA-2002-009.0:Linux: X server allows access to any shared memory on the system
链接: http://www.caldera.com/support/security/advisories/CSSA-2002-009.0.txt
补丁下载:
Caldera UnixWare 7.1.1:
Caldera Upgrade xserver.711b.pkg
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14/xserver.711b.pkg
Caldera OpenUnix 8.0:
Caldera Upgrade xserver.800a.pkg
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14/xserver.800a.pkg
Caldera RPM XFree86-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-4.1-12.i386.rpm
Caldera RPM XFree86-addons-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-addons-4.1-12.i386.rpm
Caldera RPM XFree86-setup-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS/XFree86-setup-4.1-12.i386.rpm
Caldera RPM XFree86-twm-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS/XFree86-twm-4.1-12.i386.rpm
Caldera RPM XFree86-xdm-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS/XFree86-xdm-4.1-12.i386.rpm
Caldera RPM XFree86-Xnest-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS/XFree86-Xnest-4.1-12.i386.rpm
Caldera RPM XFree86-Xprt-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS/XFree86-Xprt-4.1-12.i386.rpm
Caldera RPM XFree86-xsm-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS/XFree86-xsm-4.1-12.i386.rpm
Caldera RPM XFree86-xterm-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS/XFree86-xterm-4.1-12.i386.rpm
Caldera RPM XFree86-Xvfb-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS/XFree86-Xvfb-4.1-12.i386.rpm
Caldera RPM XFree86-4.1-12.src.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS/XFree86-4.1-12.src.rpm
Caldera RPM XFree86-config-eg-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-config-eg-4.1-12.i386.rpm
Caldera RPM XFree86-contrib-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-contrib-4.1-12.i386.rpm
Caldera RPM XFree86-devel-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-devel-4.1-12.i386.rpm
Caldera RPM XFree86-devel-prof-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-devel-prof-4.1-12.i386.rpm
Caldera RPM XFree86-devel-static-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-devel-static-4.1-12.i386.rpm
Caldera RPM XFree86-fonts-100dpi-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-fonts-100dpi-4.1-12.i386.rpm
Caldera RPM XFree86-fonts-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-fonts-4.1-12.i386.rpm
Caldera RPM XFree86-fonts-75dpi-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-fonts-75dpi-4.1-12.i386.rpm
Caldera RPM XFree86-fonts-cyrillic-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-fonts-cyrillic-4.1-12.i386.rpm
Caldera RPM XFree86-fonts-extra-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-fonts-extra-4.1-12.i386.rpm
Caldera RPM XFree86-fonts-scale-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-fonts-scale-4.1-12.i386.rpm
Caldera RPM XFree86-fonts-speedo-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-fonts-speedo-4.1-12.i386.rpm
Caldera RPM XFree86-fontserver-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-fontserver-4.1-12.i386.rpm
Caldera RPM XFree86-imake-4.1-12.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1
参考网址
来源: XF 名称: xfree86-mitshm-memory-access(8706) 链接:http://xforce.iss.net/xforce/xfdb/8706 来源: BID 名称: 4396 链接:http://www.securityfocus.com/bid/4396 来源: REDHAT 名称: RHSA-2003:067 链接:http://www.redhat.com/support/errata/RHSA-2003-067.HTML 来源: CALDERA 名称: CSSA-2002-009.0 链接:http://www.linuxsecurity.com/advisories/caldera_advisory-2006.HTML 来源: DEBIAN 名称: DSA-380 链接:http://www.debian.org/security/2003/dsa-380 来源: SUNALERT 名称: 1017429 链接:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1017429.1-1 来源: SUNALERT 名称: 228529 链接:http://sunsolve.sun.com/search/document.do?assetkey=1-66-228529-1 来源: CALDERA 名称: CSSA-2002-SCO.14 链接:ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14/CSSA-2002-SCO.14.txt 来源: SGI 名称: 20021001-01-P 链接:ftp://patches.sgi.com/support/free/security/advisories/20021001-01-P 来源: BUGTRAQ 名称: 20021024 GLSA: xfree 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103547625009363&w=2 来源: CONECTIVA 名称: CLSA-2002:529 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529
受影响实体
- Caldera Openlinux_server:3.1
- Caldera Openlinux_server:3.1.1
- Caldera Openlinux_workstation:3.1
- Caldera Openlinux_workstation:3.1.1
补丁
暂无
评论