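Vulnerability Details
X.Org X Server Composite Extension Local Overflow Vulnerability
Vulnerability Summary
Xorg X Server is one of the X Window System display servers available on the Solaris x86 platform.
The composite extension of the X Server contains a buffer overflow when copying data from pixmaps with different bit depths. A remote attacker could exploit this vulnerability by enticing a user to process a malicious file, taking control of the user's system.
If a local user copies data between specially crafted pixmaps, the overflow can be triggered, leading to execution of arbitrary instructions with elevated privileges.
Vulnerability Advisory
Debian has released a security advisory (DSA-1372-1) and corresponding patches for this issue:
DSA-1372-1: New xorg-server packages fix privilege escalation
Link: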
http://www.debian.org/security/2007/dsa-1372
References
Source: DEBIAN
Name: DSA-1372
Link: http://www.debian.org/security/2007/dsa-1372
Source: SECUNIA
Name: 26755
Link: http://secunia.com/advisories/26755
Source: SECUNIA
Name: 26743
Link: http://secunia.com/advisories/26743
Source: wiki.rpath.com
Link: http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0187
Source: OSVDB
Name: 37726
Link: http://osvdb.org/37726
Source: MLIST
Name: [xorg-announce] 20070906 xorg-server 1.4
Link: http://lists.freedesktop.org/archives/xorg-announce/2007-September/000378.html
Source: bugs.freedesktop.org
Link: http://bugs.freedesktop.org/show_bug.cgi?id=7447
Source: issues.rpath.com
Link: https://issues.rpath.com/browse/RPL-1728
Source: XF
Name: xorg-composite-bo(36535)
Link: http://xforce.iss.net/xforce/xfdb/36535
Source: UBUNTU
Name: USN-514-1
Link: http://www.ubuntu.com/usn/usn-514-1
Source: SECTRACK
Name: 1018665
Link: http://www.securitytracker.com/id?1018665
Source: BID
Name: 25606
Link: http://www.securityfocus.com/bid/25606
Source: REDHAT
Name: RHSA-2007:0898
Link: http://www.redhat.com/support/errata/RHSA-2007-0898.html
Source: SUSE
Name: SUSE-SA:2007:054
Link: http://www.novell.com/linux/security/advisories/2007_54_xorg.html
Source: MANDRIVA
Name: MDVSA-2008:022
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2008:022
Source: MANDRIVA
Name: MDKSA-2007:178
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2007:178
Source: GENTOO
Name: GLSA-200805-07
Link: http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
Source: support.avaya.com
Link: http://support.avaya.com/elmodocs2/security/ASA-2007-394.htm
Source: GENTOO
Name: GLSA-200710-16
Link: http://security.gentoo.org/glsa/glsa-200710-16.xml
Source: SECUNIA
Name: 30161
Link: http://secunia.com/advisories/30161
Source: SECUNIA
Name: 27228
Link: http://secunia.com/advisories/27228
Source: SECUNIA
Name: 27179
Link: http://secunia.com/advisories/27179
Source: SECUNIA
Name: 27147
Link: http://secunia.com/advisories/27147
Source: SECUNIA
Name: 26897
Link: http://secunia.com/advisories/26897
Source: SECUNIA
Name: 26859
Link: http://secunia.com/advisories/26859
Source: SECUNIA
Name: 26823
Link: http://secunia.com/advisories/26823
Source: SECUNIA
Name: 26763
Link: http://secunia.com/advisories/26763
Source: bugs.gentoo.org
Link: http://bugs.gentoo.org/show_bug.cgi?id=191964
Affected Entities
- X.Org Xorg-Server:1.3
- X.Org Xorg-Server:1.2
- X.Org Xorg-Server:1.1
- X.Org Xorg-Server:1.01
- X.Org Xorg-Server:1.02
Patches
None available