[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#280872: xfree86: is Woody XFree86 still vulnerable to libX11.so Local Privilege Escalation?

Package: xfree86
Severity: critical
Tags: security
Justification: root security hole

Good day,

I'm reviewing the list of 2002 CVEs to check if there is still
some known vulnerables packages in testing.

In CVE-2002-1472 it is written :

| libX11.so in xfree86, when used in setuid or setgid programs, allows
| local users to gain root privileges via a modified LD_PRELOAD
| environment variable that points to a malicious module.

According to http://www.securityfocus.com/bid/5735/info/ 
this was fixed in xfree86 4.2.1 so testing and unstable are not

As I can't see any reference to this issue in stable changelog I
think woody version is still vulnerable.


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.9-rfb-swsusp
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)

Reply to: