Bug#280872: xfree86: is Woody XFree86 still vulnerable to libX11.so Local Privilege Escalation?
Package: xfree86
Severity: critical
Tags: security
Justification: root security hole
Good day,
I'm reviewing the list of 2002 CVEs to check if there are still
some known vulnerable packages in testing.
In CVE-2002-1472 it is written:
| libX11.so in xfree86, when used in setuid or setgid programs, allows
| local users to gain root privileges via a modified LD_PRELOAD
| environment variable that points to a malicious module.
According to http://www.securityfocus.com/bid/5735/info/
this was fixed in xfree86 4.2.1 so testing and unstable are not
vulnerable.
As I can't see any reference to this issue in the stable changelog, I
think the woody version is still vulnerable.
Regards.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.9-rfb-swsusp
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)