[SECURITY] [DSA-310-1] New xaos packages fix improper setuid-root execution
2003-06-09T00:00:00
ID SECURITYVULNS:DOC:4677 Type securityvulns Reporter Securityvulns Modified 2003-06-09T00:00:00
Description
Debian Security Advisory DSA 310-1                     security@debian.org
http://www.debian.org/security/                             Matt Zimmerman
June 8th, 2003                          http://www.debian.org/security/faq

Package        : xaos
Vulnerability  : improper setuid-root execution
Problem-Type   : local
Debian-specific: no

XaoS, a program for displaying fractal images, is installed setuid
root on certain architectures in order to use svgalib, which requires
access to the video hardware. However, it is not designed for secure
setuid execution, and can be exploited to gain root privileges.

In these updated packages, the setuid bit has been removed from the
xaos binary. Users who require the svgalib functionality should grant
these privileges only to a trusted group.

This vulnerability is exploitable in version 3.0-18 (potato) on i386
and alpha architectures, and in version 3.0-23 (woody) on the i386
architecture only.

For the stable distribution (woody) this problem has been fixed in
version 3.0-23woody1.

For the old stable distribution (potato) this problem has been fixed
in version 3.0-18potato1.

For the unstable distribution (sid) this problem has been fixed in
version 3.1r-4.

We recommend that you update your xaos package.
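
One way to check the state of the setuid bit discussed above, and to apply the "trusted group" advice, is sketched here as an added example; it is not part of the original advisory. The path /usr/bin/xaos and the group name svga are assumptions, and the functions rely on GNU stat.

```shell
#!/bin/sh
# Added example, not from DSA 310-1. Classifies how a binary is exposed:
#   no-setuid          setuid bit absent (the state after the fixed packages)
#   setuid-restricted  setuid, but not executable by "other"
#   setuid-open        setuid and executable by every local user (pre-fix state)
#   missing            path is not a regular file
classify_setuid() {
    path=$1
    [ -f "$path" ] || { echo "missing"; return 0; }
    mode=$(stat -c '%a' "$path")      # GNU stat: octal mode, e.g. 4755 or 755
    mode=$(printf '%04d' "$mode")     # pad so the special-bits digit exists
    special=${mode%???}               # first digit: setuid=4, setgid=2, sticky=1
    other=${mode#???}                 # last digit: permissions for "other"
    case $special in
        4|5|6|7) ;;                   # setuid bit is set, keep checking
        *) echo "no-setuid"; return 0 ;;
    esac
    case $other in
        1|3|5|7) echo "setuid-open" ;;
        *)       echo "setuid-restricted" ;;
    esac
}

# Re-grant setuid only to members of one group (mode 4750).
# Order matters: changing the group clears the setuid bit on Linux, so
# chgrp must run before chmod. Run as root on the real binary.
# On Debian, a manual chmod is reverted by the next package upgrade; the
# persistent form is (group name "svga" is hypothetical):
#   dpkg-statoverride --update --add root svga 4750 /usr/bin/xaos
restrict_to_group() {
    path=$1
    group=$2
    chgrp "$group" "$path" && chmod 4750 "$path"
}

# Optional direct use: sh thisfile.sh /usr/bin/xaos   (path is an assumption)
if [ "$#" -gt 0 ]; then
    classify_setuid "$1"
fi
```

After upgrading to a fixed package the expected result for the xaos binary is no-setuid; setuid-open on any host means the vulnerable permissions are still in place.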

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

These files will probably be moved into the stable distribution on
its next revision.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>