• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

XFree86 libX11.so Local Privilege Escalation Vulnerability

SuSE has reported a vulnerability in XFree86 that may affect other systems which include it. The xf86 package, which is included in the Suse Linux distribution, contains various programs and libraries that are necessary for X server to run. The package includes the libX11.so library.

When libX11.so is called it will dynamically load libraries via a path defined in a environment variable, controlled by the executing user. libX11.so fails to disable the variable when the process is setuid, allowing for malicious libraries to be loaded. Attackers may cause arbitrary code to be executed with escalated privileges