
Fwd: CVE-2006-4447 (not checking setuid's return value) in xterm



Hi everyone,

   I can't do this fix right now, since I don't have
net access on a Debian machine. Would someone mind
doing the update and upload? If no one is able to do
it right now, I can do it via sneakernet to work,
although not for a few days. Thanks!

 - David "Hoping to be back soon" Nusinow

--- Stefan Fritsch <sf@sfritsch.de> wrote:

> From: Stefan Fritsch <sf@sfritsch.de>
> To: David Nusinow <dnusinow@debian.org>
> Subject: CVE-2006-4447 (not checking setuid's return value) in xterm
> Date: Tue, 5 Sep 2006 21:19:21 +0200
> 
> Hi David,
> 
> xterm is setgid utmp and according to [1] does not correctly check the
> return value of setgid, which might lead to some privilege
> escalation. Shouldn't this be fixed?
> 
> Also, it would be good if you could check whether there are other
> setuid/setgid applications that need to be fixed. The rest of those
> mentioned in [1] are already fixed.
> 
> Thanks in advance.
> 
> Cheers,
> Stefan
> 
> [1] http://lists.freedesktop.org/archives/xorg/2006-June/016146.html
> 



Attachment: pgpvD0iowURqX.pgp
Description: pat476197184
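
Added example, not part of the original message and not xterm's code: a privilege drop for a setuid/setgid helper that checks the return values of the ID-changing calls and then verifies the result, so a failed call cannot leave the program running with the elevated group. The function name and the calling pattern in main() are assumptions made for illustration; supplementary groups are not handled.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently switch to the given uid/gid.
 * Returns 0 only if every call succeeded and the resulting IDs
 * were verified; -1 otherwise. */
int drop_privileges_permanently(uid_t uid, gid_t gid)
{
    gid_t old_egid = getegid();
    uid_t old_euid = geteuid();

    /* (id)-1 means "leave unchanged" to setre[ug]id(), which would
     * silently turn the drop into a no-op. Refuse it. */
    if (uid == (uid_t)-1 || gid == (gid_t)-1)
        return -1;

    /* Group first: once the uid is dropped the process may no longer
     * be allowed to change its gid. Check both return values. */
    if (setregid(gid, gid) != 0)
        return -1;
    if (setreuid(uid, uid) != 0)
        return -1;

    /* Verify the result rather than trusting the calls. */
    if (getgid() != gid || getegid() != gid)
        return -1;
    if (getuid() != uid || geteuid() != uid)
        return -1;

    /* An unprivileged process must not be able to get the old IDs back. */
    if (uid != 0) {
        if (old_egid != gid && setegid(old_egid) == 0)
            return -1;
        if (old_euid != uid && seteuid(old_euid) == 0)
            return -1;
    }
    return 0;
}

int main(void)
{
    /* Assumed use: a setgid helper returning to the invoking user's IDs. */
    if (drop_privileges_permanently(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return EXIT_FAILURE;   /* never run on with the elevated gid */
    }
    puts("running with the invoking user's uid/gid");
    return EXIT_SUCCESS;
}
```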

