Debian XFree86 Security Wrapper Bypass Checks

1998-01-21T00:00:00
ID OSVDB:3168
Type osvdb
Reporter OSVDB
Modified 1998-01-21T00:00:00

Description

Vulnerability Description

Debian's XFree86 wrapper, provided to add security to the X-Windows setup, contains flaws that allow a local attacker to easily bypass the checks it performs. The wrapper script performs several checks in an attempt to ensure that only authorized users can access and execute the X-Windows related programs. However, because these checks are poorly written, any local user attempting to access the X-Windows programs can trivially bypass them, rendering them useless.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1998_1/0124.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1998_1/0125.html