CVE-2002-0164
CVSS 4.6
Published: 2002-03-15 00:00:00
Last revised: 2016-10-17 22:16:44

[Original] Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.


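[CNNVD] XFree86 MIT-SHM Shared Memory Access Vulnerability (CNNVD-200203-033)

        The XFree86 MIT-SHM extension provides System V shared memory to X processes. For example, it provides a shared-memory mechanism for XImages: the actual image data of the XImage interface is stored in a shared memory segment, so image storage operations do not have to go through the Xlib inter-process communication channel. For large images, using this feature can improve system performance.
        The XFree86 MIT-SHM extension has an access control problem. A local attacker can exploit this vulnerability to read/write arbitrary shared memory and elevate privileges.
        A flaw in the XFree86 MIT-SHM extension allows local X users to read and write arbitrary shared memory segment addresses on the system. By overwriting a shared memory segment using a carefully constructed address, an unprivileged X user can execute arbitrary instructions on the system with the privileges of the XFree86 process.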
        

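- CVSS (Base Score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]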

- CPE (Affected platforms and products)

cpe:/a:caldera:openlinux_server:3.1.1
cpe:/a:caldera:openlinux_workstation:3.1.1
cpe:/a:caldera:openlinux_server:3.1
cpe:/a:caldera:openlinux_workstation:3.1

- OVAL (Technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0164
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0164
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200203-033
(Official data source) CNNVD

- Other links and resources

ftp://patches.sgi.com/support/free/security/advisories/20021001-01-P
(UNKNOWN)  SGI  20021001-01-P
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14/CSSA-2002-SCO.14.txt
(UNKNOWN)  CALDERA  CSSA-2002-SCO.14
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529
(UNKNOWN)  CONECTIVA  CLSA-2002:529
http://marc.info/?l=bugtraq&m=103547625009363&w=2
(UNKNOWN)  BUGTRAQ  20021024 GLSA: xfree
http://sunsolve.sun.com/search/document.do?assetkey=1-66-228529-1
(UNKNOWN)  SUNALERT  228529
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1017429.1-1
(UNKNOWN)  SUNALERT  1017429
http://www.debian.org/security/2003/dsa-380
(UNKNOWN)  DEBIAN  DSA-380
http://www.linuxsecurity.com/advisories/caldera_advisory-2006.html
(UNKNOWN)  CALDERA  CSSA-2002-009.0
http://www.redhat.com/support/errata/RHSA-2003-067.html
(UNKNOWN)  REDHAT  RHSA-2003:067
http://www.securityfocus.com/bid/4396
(UNKNOWN)  BID  4396
http://xforce.iss.net/xforce/xfdb/8706
(UNKNOWN)  XF  xfree86-mitshm-memory-access(8706)

- Vulnerability information

XFree86 MIT-SHM Shared Memory Access Vulnerability
Medium severity  Access validation error
2002-03-15 00:00:00 2010-01-28 00:00:00
Local

- Advisories and patches

        Vendor patches:
        Caldera
        -------
        Caldera has released two security advisories for this issue (CSSA-2002-SCO.14) and (CSSA-2002-009.0):
        CSSA-2002-SCO.14: Open UNIX 8.0.0 UnixWare 7.1.1 : X server allows access to any shared memory on the system
        Link: ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14
        CSSA-2002-009.0: Linux: X server allows access to any shared memory on the system
        Link:
        http://www.caldera.com/support/security/advisories/CSSA-2002-009.0.txt

        Patch downloads:
        Caldera UnixWare 7.1.1:
        Caldera Upgrade xserver.711b.pkg
        ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14/xserver.711b.pkg
        Caldera OpenUnix 8.0:
        Caldera Upgrade xserver.800a.pkg
        ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14/xserver.800a.pkg
        Caldera RPM XFree86-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-4.1-12.i386.rpm
        Caldera RPM XFree86-addons-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-addons-4.1-12.i386.rpm
        Caldera RPM XFree86-setup-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS/XFree86-setup-4.1-12.i386.rpm
        Caldera RPM XFree86-twm-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS/XFree86-twm-4.1-12.i386.rpm
        Caldera RPM XFree86-xdm-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS/XFree86-xdm-4.1-12.i386.rpm
        Caldera RPM XFree86-Xnest-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS/XFree86-Xnest-4.1-12.i386.rpm
        Caldera RPM XFree86-Xprt-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS/XFree86-Xprt-4.1-12.i386.rpm
        Caldera RPM XFree86-xsm-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS/XFree86-xsm-4.1-12.i386.rpm
        Caldera RPM XFree86-xterm-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS/XFree86-xterm-4.1-12.i386.rpm
        Caldera RPM XFree86-Xvfb-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS/XFree86-Xvfb-4.1-12.i386.rpm
        Caldera RPM XFree86-4.1-12.src.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS/XFree86-4.1-12.src.rpm
        Caldera RPM XFree86-config-eg-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-config-eg-4.1-12.i386.rpm
        Caldera RPM XFree86-contrib-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-contrib-4.1-12.i386.rpm
        Caldera RPM XFree86-devel-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-devel-4.1-12.i386.rpm
        Caldera RPM XFree86-devel-prof-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-devel-prof-4.1-12.i386.rpm
        Caldera RPM XFree86-devel-static-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-devel-static-4.1-12.i386.rpm
        Caldera RPM XFree86-fonts-100dpi-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-fonts-100dpi-4.1-12.i386.rpm
        Caldera RPM XFree86-fonts-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-fonts-4.1-12.i386.rpm
        Caldera RPM XFree86-fonts-75dpi-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-fonts-75dpi-4.1-12.i386.rpm
        Caldera RPM XFree86-fonts-cyrillic-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-fonts-cyrillic-4.1-12.i386.rpm
        Caldera RPM XFree86-fonts-extra-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-fonts-extra-4.1-12.i386.rpm
        Caldera RPM XFree86-fonts-scale-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-fonts-scale-4.1-12.i386.rpm
        Caldera RPM XFree86-fonts-speedo-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-fonts-speedo-4.1-12.i386.rpm
        Caldera RPM XFree86-fontserver-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/XFree86-fontserver-4.1-12.i386.rpm
        Caldera RPM XFree86-imake-4.1-12.i386.rpm
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1

- Vulnerability information (F31839)

SCOX.txt (PacketStormID:F31839)
2003-10-16 00:00:00
 
advisory,local,vulnerability
CVE-2002-0158,CVE-2002-0164

SCO Security Advisory - SCO OpenServer 5.0.5, 5.0.6, and 5.0.7 has had multiple vulnerabilities discovered in Xsco. One matches the command line parameter -co hole discovered in Xsun and another allows any local user with X access to gain read/write access to a shared memory segment.




______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Multiple security vulnerabilities in Xsco
Advisory number: 	CSSA-2003-SCO.26
Issue date: 		2003 October 10
Cross reference: 	sr862609 fz520528 erg712006 sr860995 fz520242 erg711972 CAN-2002-0158 CAN-2002-0164 
______________________________________________________________________________


1. Problem Description

	This supplement corrects two unrelated security problems in the
        SCO OpenServer "Xsco" X11 server.

        First,

	NSFOCUS Security Team has found a buffer overflow vulnerability
	in Xsun shipped with Solaris system when processing a
	command line parameter "-co", which could enable a local
	attacker to run arbitrary code with root user/root group
	privilege. 
	 
	Kevin Finisterre of Snosoft.com discovered that Xsco was also
	vulnerable. 
	 
	The Common Vulnerabilities and Exposures (CVE) project has assigned 
	the name CAN-2002-0158 to this issue. This is a candidate for 
	inclusion in the CVE list (http://cve.mitre.org), which standardizes 
	names for security problems. Candidates may change significantly
	before they become official CVE entries.

	Second,

	Roberto Zunino discovered a vulnerability in the MIT-SHM extension in
	all X servers that are running as root.

	Any user with local X access can exploit the MIT-SHM extension and gain
	read/write access to any shared memory segment on the system. 

	The Common Vulnerabilities and Exposures (CVE) project has assigned
        the name CAN-2002-0164 to this issue. This is a candidate for
        inclusion in the CVE list (http://cve.mitre.org), which standardizes
        names for security problems. Candidates may change significantly
        before they become official CVE entries.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	OpenServer 5.0.7 		/usr/bin/X11/Xsco
	OpenServer 5.0.6 		/usr/bin/X11/Xsco
	OpenServer 5.0.5 		/usr/bin/X11/Xsco


3. Solution

	The proper solution is to install the latest packages.


4. OpenServer 5.0.7, OpenServer 5.0.6, OpenServer 5.0.5

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.26


	4.2 Verification

	MD5 (VOL.000.000) = e7cbf7a8094ba43d44a6657a95673aeb
	MD5 (VOL.001.000) = 2eca28ac86436cec5fa7f059ab2fe850

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1) Download the VOL* files to the /tmp directory

	2) Run the custom command, specify an install from media
	images, and specify the /tmp directory as the location of
	the images.


5. References

	Specific references for this advisory:
		http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0158 
		http://marc.theaimsgroup.com/?l=bugtraq&m=101776858410652&w=2 
		http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0000.html
		http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0164
		http://marc.theaimsgroup.com/?l=bugtraq&m=103547625009363&w=2
		http://xforce.iss.net/xforce/xfdb/8706
		http://www.securityfocus.com/bid/4396
		http://www.linuxsecurity.com/advisories/caldera_advisory-2006.html
		ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14/CSSA-2002-SCO.14.txt
	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr862609 fz520528
	erg712006 sr860995 fz520242 erg711972


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.

7. Acknowledgments

	SCO would like to thank the NSFOCUS Security Team for finding
        the "-co" vulnerability, and Kevin Finisterre of Snosoft.com for
        confirming its applicability to Xsco.  SCO would also like to
        thank Roberto Zunino for discovering the MIT-SHM vulnerability.

______________________________________________________________________________

    

- Vulnerability information

14301
XFree86 MIT-SHM Extension Arbitrary Memory Access

- Vulnerability description

Unknown or Incomplete

- Timeline

2002-03-15 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- References

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

XFree86 MIT-SHM Shared Memory Access Vulnerability
Access Validation Error 4396
No Yes
2002-03-15 12:00:00 2009-07-11 11:56:00
Vulnerability discovery credited to Roberto Zunino.

- Affected versions

XFree86 X11R6 4.2.1
+ Immunix Immunix OS 7.3
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ RedHat Linux 7.3
+ Slackware Linux 8.1
XFree86 X11R6 4.2.0
+ Conectiva Linux Enterprise Edition 1.0
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Workstation 8.0
XFree86 X11R6 4.1.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 i386
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 7.0
XFree86 X11R6 4.1-11
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
XFree86 X11R6 4.0.3
+ RedHat Linux 7.1
XFree86 X11R6 4.0.2-11
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
XFree86 X11R6 4.0.1
+ RedHat Linux 7.0
XFree86 X11R6 4.0
Sun Linux 5.0.6
SGI IRIX 6.5.17 m
SGI IRIX 6.5.17 f
SGI IRIX 6.5.16 m
SGI IRIX 6.5.16 f
SGI IRIX 6.5.15 m
SGI IRIX 6.5.15 f
SGI IRIX 6.5.14 m
SGI IRIX 6.5.14 f
SGI IRIX 6.5.13 m
SGI IRIX 6.5.13 f
SGI IRIX 6.5.12
SGI IRIX 6.5.11
SGI IRIX 6.5.10
SGI IRIX 6.5.9
SGI IRIX 6.5.8
SGI IRIX 6.5.7
SGI IRIX 6.5.6
SGI IRIX 6.5.5
SGI IRIX 6.5.4
SGI IRIX 6.5.3
SGI IRIX 6.5.2
SGI IRIX 6.5.1
SGI IRIX 6.5
SCO Open Server 5.0.7
SCO Open Server 5.0.6
SCO Open Server 5.0.5
SCO Open Server 5.0.4
SCO Open Server 5.0.3
SCO Open Server 5.0.2
SCO Open Server 5.0.1
SCO Open Server 5.0
RedHat XFree86-Xvfb-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-Xnest-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-xfs-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-xdm-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-xauth-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-twm-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-truetype-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-tools-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-Mesa-libGLU-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-Mesa-libGL-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-libs-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-ISO8859-9-75dpi-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-ISO8859-9-100dpi-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-ISO8859-2-75dpi-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-ISO8859-2-100dpi-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-ISO8859-15-75dpi-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-ISO8859-15-100dpi-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-font-utils-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-doc-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-devel-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-cyrillic-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-base-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-75dpi-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-100dpi-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat Linux 8.0 i386
Gentoo Linux 1.4_rc1
Gentoo Linux 1.2
Caldera UnixWare 7.1.1
Caldera OpenUnix 8.0

- Unaffected versions

XFree86 X11R6 4.2.1 Errata
XFree86 X11R6 4.1-12
- Caldera OpenLinux Server 3.1.1
- Caldera OpenLinux Server 3.1.1
- Caldera OpenLinux Workstation 3.1.1
SGI IRIX 6.5.18

- Discussion

The MIT-SHM extension for XFree86 provides System V shared memory to X processes. Various operating systems shipped with XFree86 versions prior to 4.1 have support for this shared memory scheme enabled.

This configuration is vulnerable to a problem that allows local X users to gain read and write access to any shared memory segment on the system. This could allow interference with other users and possibly elevation of privileges, depending on the context.

Other configurations of XFree86 may be vulnerable to this problem, depending on whether or not System V shared memory and MIT-SHM have been enabled.

- Exploit

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Red Hat has released an advisory (RHSA-2003:064-01) to address this issue. Details on obtaining and applying fixes are contained in the referenced advisory.

Red Hat has released a revised advisory (RHSA-2003:067-02) to address this issue. Fixes from the previous advisory (RHSA-2003:067-01) are functional but contain debugging info. The revised advisory includes new fixes that do not contain debugging info. Details on obtaining and applying fixes are contained in the revised advisory.

FreeBSD has released upgrades. Users are advised to upgrade their Ports collection and reinstall the affected port.

SGI has released an advisory. SGI strongly advises users to either download and install the appropriate patches or to upgrade to IRIX 6.5.18 when it is available. Further details are available in the referenced advisory.

Conectiva has released an advisory (CLA-2002:533) containing fixes for Conectiva Linux 6.0 and 7.0. Further details about obtaining fixes are available in the attached advisory.

Gentoo Linux has released an advisory. Users of x11-base/xfree-4.2.0-r12 and earlier are urged to update their systems by issuing the following commands:

emerge rsync
emerge xfree
emerge clean

Sun has released updates correcting this issue.

Debian has released an advisory (DSA 380-1) with fixes to address this issue. Please see the referenced advisory for more information.

SCO has released advisory CSSA-2003-SCO.26 to address this issue.

Upgrades are available:


RedHat XFree86-ISO8859-9-75dpi-fonts-4.2.0-72.i386.rpm

RedHat XFree86-Xnest-4.2.0-72.i386.rpm

RedHat XFree86-libs-4.2.0-72.i386.rpm

RedHat XFree86-Mesa-libGLU-4.2.0-72.i386.rpm

RedHat XFree86-100dpi-fonts-4.2.0-72.i386.rpm

RedHat XFree86-ISO8859-2-100dpi-fonts-4.2.0-72.i386.rpm

RedHat XFree86-twm-4.2.0-72.i386.rpm

RedHat XFree86-doc-4.2.0-72.i386.rpm

RedHat XFree86-font-utils-4.2.0-72.i386.rpm

RedHat XFree86-ISO8859-2-75dpi-fonts-4.2.0-72.i386.rpm

RedHat XFree86-Xvfb-4.2.0-72.i386.rpm

RedHat XFree86-ISO8859-15-100dpi-fonts-4.2.0-72.i386.rpm

RedHat XFree86-xdm-4.2.0-72.i386.rpm

RedHat XFree86-base-fonts-4.2.0-72.i386.rpm

RedHat XFree86-truetype-fonts-4.2.0-72.i386.rpm

RedHat XFree86-4.2.0-72.i386.rpm

RedHat XFree86-xfs-4.2.0-72.i386.rpm

RedHat XFree86-cyrillic-fonts-4.2.0-72.i386.rpm

RedHat XFree86-ISO8859-15-75dpi-fonts-4.2.0-72.i386.rpm

RedHat XFree86-tools-4.2.0-72.i386.rpm

RedHat XFree86-devel-4.2.0-72.i386.rpm

RedHat XFree86-75dpi-fonts-4.2.0-72.i386.rpm

RedHat XFree86-ISO8859-9-100dpi-fonts-4.2.0-72.i386.rpm

RedHat XFree86-xauth-4.2.0-72.i386.rpm

RedHat XFree86-Mesa-libGL-4.2.0-72.i386.rpm

XFree86 X11R6 4.1.0
