
Debian DSA-1466-1 Critical: Local Privilege Escalation in Xorg-Server

January 17, 2008
The recent Debian Security Update DSA-1466-1 tackles multiple local vulnerabilities in xorg-server which could result in privilege elevation among other concerns.
Several local vulnerabilities have been discovered in the X.Org X server.

Summary


"regenrecht" discovered that missing input sanitising within
the XFree86-Misc extension may lead to local privilege escalation.

CVE-2007-5958

It was discovered that error messages of security policy file
handling may lead to a minor information leak disclosing the
existence of files otherwise inaccessible to the user.

CVE-2007-6427

"regenrecht" discovered that missing input sanitising within
the XInput-Misc extension may lead to local privilege escalation.

CVE-2007-6428

"regenrecht" discovered that missing input sanitising within
the TOG-CUP extension may lead to disclosure of memory contents.

CVE-2007-6429

"regenrecht" discovered that integer overflows in the EVI
and MIT-SHM extensions may lead to local privilege escalation.

For the unstable distribution (sid), this problem has been fixed in
version 2:1.4.1~git20080105-2 of xorg-server and version 1:1.3.1-2
of libxfont.

For the stable distribution (etch), this problem has been ...


Severity: critical
