• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

A buffer overflow exists in the X server.
2004-06-08
Published: 2004-02-18 09:45:40
Updated: 2004-05-07 09:45:40

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

IBM SECURITY ADVISORY

First Issued: Wed Feb 18 10:55:22 CST 2004
| Updated  Fri May  7 15:32:39 CDT 2004
| Removed efix information


===========================================================================
                           VULNERABILITY SUMMARY

VULNERABILITY:      A buffer overflow that exists in the X server
                    can be exploited to gain root privileges.

PLATFORMS:          AIX 4.3, 5.1 and 5.2.

| Updated  Fri May  7 15:32:39 CDT 2004
| Removed efix information
SOLUTION:           Apply the APARs as described below.

THREAT:             A local attacker can gain root privileges.

CERT VU Number:     n/a
CVE Number:         CAN-2004-0083
===========================================================================
                           DETAILED INFORMATION


I.  Description
===============
A buffer overflow exists in the X server.

This vulnerability can be exploited by an attacker who has the ability to
modify the fonts.alias file used by the X server and perform operations
against the X server. The fonts.alias file can only be modified by root;
this makes it difficult for an attacker to exploit this vulnerability.

X ships as part of the X11.base.rte fileset. To determine if this fileset
is installed, execute the following command:

# lslpp -L X11.base.rte

If the fileset is installed it will be listed along with their version
information, state, type and a description.


II. Impact
==========

A local attacker may gain root privileges.


III.  Solutions
===============

A. Official Fix
IBM provides the following fixes:

      APAR number for AIX 4.3.3:  IY53508 (available)
      APAR number for AIX 5.1.0:  IY53673 (available)
      APAR number for AIX 5.2.0:  IY53519 (available)

NOTE: Affected customers are urged to upgrade to 4.3.3, 5.1.0 or 5.2.0 at
the latest maintenance level.

| Updated Fri may  7 15:21:39 cdt 2004 
| Removed efix information

IV. Obtaining Fixes
===================

AIX Version 4.3.3 and Version 5 APARs can be downloaded from
the eServer pSeries Fix Central web site:

     http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp


V.  Contact Information
========================

If you would like to receive AIX Security Advisories via email, please visit:
     https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs

Comments regarding the content of this announcement can be directed to:

     security-alert@austin.ibm.com

To request the PGP public key that can be used to communicate securely
with the AIX Security Team send email to security-alert@austin.ibm.com
with a subject of "get key". The key can also be downloaded from a
PGP Public Key Server. The key id is 0x3AE561C3.

Please contact your local IBM AIX support center for any assistance.

eServer is a trademark of International Business Machines Corporation.
IBM, AIX and pSeries are registered trademarks of International Business
Machines Corporation. All other trademarks are property of their
respective holders.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)

iD8DBQFAm/KA+0ah+jrlYcMRAhUEAKCeSlhs6bWWr0ng78QmH7MWUZ9CDgCg0NY8
OH/Bw8/3ZzBZBxkjtRTeiVI=
=0Spf
-----END PGP SIGNATURE-----