CERT Vulnerability Note VU#188507

History: Aug 19, 2002 - 12:00 a.m.

Low BandWidth X proxy vulnerable to buffer overflow via crafted display command line option

2002-08-19 00:00:00
www.kb.cert.org

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

30.7%

Overview

A locally exploitable buffer overflow exists in the Low BandWidth X proxy.

Description

The Low BandWidth X proxy (lbxproxy) is a component of XFree86, a freely redistributable open-source implementation of the X Window System. It allows applications to transparently take advantage of the Low Bandwidth extension to X (LBX), which makes more efficient use of low-bandwidth, high-latency communication links. Quoting from the LBX technical specification:

Low Bandwidth X (LBX) is a network-transparent protocol for running X Window System applications over transport channels whose bandwidth and latency are significantly worse than that used in local area networks. It combines a variety of caching and reencoding techniques to reduce the volume of data that must be sent over the wire. It can be used with existing clients by placing a proxy between the clients and server, so that the low bandwidth/high latency communication occurs between the proxy and server.

The vulnerability manifests itself in the following function:

`lbxproxy/di/wire.c:ConnectToServer`
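As an added illustration, not XFree86's code and not the contents of wire.c, the following shows the bug class the note describes beside a hardened form: a display argument of the form `host:display[.screen]` validated against a fixed-size buffer before it is copied, so an over-long argument is refused instead of overrunning the buffer. The buffer size, the struct and function names, and the unsafe `strcpy` line quoted in the comment are all assumptions made for the example.

```c
#include <stdlib.h>
#include <string.h>

#define LBX_HOST_MAX 64   /* hypothetical; the page gives no buffer sizes */

struct display_spec {
    char host[LBX_HOST_MAX];   /* "remote.example" in "remote.example:10.1" */
    int  display;              /* 10 */
    int  screen;               /* 1  */
};
/* The bug class named above is an unchecked copy of the -display argument
 * into a fixed buffer, e.g. strcpy(spec->host, arg): an over-long argument
 * writes past spec->host. Whether that crosses a privilege boundary depends
 * on the setuid/setgid install bits, which is what the vendor statements turn on. */
/* Hardened parser for "host:display[.screen]". Rejects (never truncates) a
 * host part that does not fit. Returns 0 on success, -1 on bad input. */
int parse_display_safe(const char *arg, struct display_spec *out)
{
    if (arg == NULL || out == NULL) return -1;
    const char *colon = strchr(arg, ':');
    if (colon == NULL) return -1;
    size_t hostlen = (size_t)(colon - arg);
    if (hostlen >= sizeof out->host) return -1;   /* keep room for the NUL */
    memcpy(out->host, arg, hostlen);
    out->host[hostlen] = '\0';
    char *end;
    long d = strtol(colon + 1, &end, 10);
    if (end == colon + 1 || d < 0 || d > 65535) return -1;
    out->display = (int)d;
    out->screen = 0;
    if (*end == '.') {
        const char *s = end + 1;
        long sc = strtol(s, &end, 10);
        if (end == s || sc < 0 || sc > 255) return -1;
        out->screen = (int)sc;
    }
    return (*end == '\0') ? 0 : -1;   /* trailing garbage is an error too */
}
/* Convenience for checks: -1 on rejection, else display * 256 + screen. */
int display_code(const char *arg)
{
    struct display_spec spec;
    if (parse_display_safe(arg, &spec) != 0) return -1;
    return spec.display * 256 + spec.screen;
}
/* Constructed input: LBX_HOST_MAX 'a's then ":0", one byte too long for host.
 * Returns 1 if the parser refused it, 0 if it accepted it. */
int overlong_display_rejected(void)
{
    char arg[LBX_HOST_MAX + 3];
    memset(arg, 'a', LBX_HOST_MAX);
    memcpy(arg + LBX_HOST_MAX, ":0", 3);   /* copies the NUL as well */
    return display_code(arg) == -1;
}
```

The rejection, rather than silent truncation, is the point: a privileged program should fail closed on an argument it cannot hold.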


Impact

A local attacker can execute arbitrary code with root privileges.


Solution

Apply a vendor patch.


Vendor Information

Hewlett-Packard Company: Affected

Notified: April 03, 2002 Updated: August 19, 2002

Status

Affected

Vendor Statement

HP has released patches to correct the buffer overflow in lbxproxy. Since this is not a security issue on HP-UX we do not plan to issue a security bulletin.

These patches corrected the lbxproxy overflow:

10.20 PHSS_25293 :Xserver:
11.00 PHSS_26566 :Xserver:
11.11 PHSS_26577 :Xserver:
11.04 PHSS_27542 :VVOS:Xserver:

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23188507 Feedback>).

Sun Microsystems Inc.: Affected

Updated: August 19, 2002

Status

Affected

Vendor Statement

<http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44842>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Apple Computer Inc.: Not Affected

Notified: April 03, 2002 Updated: April 04, 2002

Status

Not Affected

Vendor Statement

lbxproxy(1) is not shipped with Mac OS X or Mac OS X Server.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cray Inc.: Not Affected

Notified: April 05, 2002 Updated: April 11, 2002

Status

Not Affected

Vendor Statement

Cray, Inc. will not be affected by VU#188507 because lbxproxy is not included in Unicos or Unicos/mk.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Fujitsu: Not Affected

Notified: April 03, 2002 Updated: April 04, 2002

Status

Not Affected

Vendor Statement

Fujitsu’s UXP/V operating system is not affected because it does not support the Low BandWidth X proxy functionality.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

IBM: Not Affected

Notified: April 03, 2002 Updated: April 05, 2002

Status

Not Affected

Vendor Statement

IBM’s AIX operating system, versions 4.3.x and 5.1, is not susceptible to this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lotus Development Corporation: Not Affected

Notified: April 03, 2002 Updated: June 12, 2002

Status

Not Affected

Vendor Statement

This issue does not apply to Lotus products.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NEC Corporation: Not Affected

Notified: April 03, 2002 Updated: April 05, 2002

Status

Not Affected

Vendor Statement

[Server Products]

  • EWS/UP 48 Series
    - are NOT vulnerable, since 48 series OS do not support the “lbxproxy”.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenBSD: Not Affected

Notified: April 03, 2002 Updated: April 04, 2002

Status

Not Affected

Vendor Statement

Not exploitable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SGI: Not Affected

Notified: April 03, 2002 Updated: April 11, 2002

Status

Not Affected

Vendor Statement

lbxproxy is not sgid root in IRIX, and IRIX doesn’t appear to be vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

XFree86: Not Affected

Notified: April 15, 2002 Updated: April 19, 2002

Status

Not Affected

Vendor Statement

XFree86 doesn’t install lbxproxy either set-uid or set-gid, so with a standard XFree86 build/install it isn’t possible to exploit this.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

BSDI: Unknown

Notified: April 03, 2002 Updated: April 03, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Caldera: Unknown

Notified: April 03, 2002 Updated: April 04, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cisco Systems Inc.: Unknown

Notified: April 03, 2002 Updated: April 04, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Compaq Computer Corporation: Unknown

Notified: April 03, 2002 Updated: April 04, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Computer Associates: Unknown

Notified: April 03, 2002 Updated: April 04, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Debian: Unknown

Notified: April 03, 2002 Updated: April 04, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Engarde: Unknown

Notified: April 03, 2002 Updated: April 04, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

FreeBSD: Unknown

Notified: April 03, 2002 Updated: April 04, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lucent: Unknown

Notified: April 03, 2002 Updated: April 04, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MandrakeSoft: Unknown

Notified: April 03, 2002 Updated: April 04, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NetBSD: Unknown

Notified: April 03, 2002 Updated: April 04, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nortel Networks: Unknown

Notified: April 03, 2002 Updated: April 04, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Oracle: Unknown

Notified: April 03, 2002 Updated: April 04, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Red Hat Inc.: Unknown

Notified: April 03, 2002 Updated: April 04, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SCO: Unknown

Notified: April 03, 2002 Updated: April 03, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sequent: Unknown

Notified: April 03, 2002 Updated: April 04, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sony Corporation: Unknown

Notified: April 03, 2002 Updated: April 04, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Unisys: Unknown

Notified: April 03, 2002 Updated: April 04, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Xerox: Unknown

Notified: April 03, 2002 Updated: April 04, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Acknowledgements

The CERT/CC thanks Sun Microsystems for reporting this vulnerability to us.

This document was written by Ian A. Finlay.

Other Information

CVE IDs: CVE-2002-0090
Severity Metric: 7.50 Date Public:
