Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 191964 - x11-base/xorg-server < 1.3.0.0-r1 Composite local privilege escalation (CVE-2007-4730)
Summary: x11-base/xorg-server < 1.3.0.0-r1 Composite local privilege escalation (CVE-2...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
URL: http://www.frsirt.com/english/advisor...
Whiteboard: B1 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2007-09-10 10:22 UTC by Robert Buchholz (RETIRED)
Modified: 2008-01-10 08:40 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2007-09-10 10:22:04 UTC
From FrSIRT/ADV-2007-3098:

A vulnerability has been identified in X.Org X Server, which could be exploited by local attackers to obtain elevated privileges. This issue is caused by a buffer overflow error in the "compNewPixmap()" [composite/compalloc.c] function within the composite extension when copying the contents of pixmaps, which could be exploited by malicious users to execute arbitrary code with elevated privileges.

Affected Products: X.Org X Server versions prior to 1.4
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-09-10 10:58:11 UTC
The patch from http://bugs.freedesktop.org/show_bug.cgi?id=7447 applies to 1.3.0.0 fine:
http://bugs.freedesktop.org/attachment.cgi?id=11368&action=view
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2007-09-10 11:06:57 UTC
cc'ing maintainers (per request)
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2007-09-11 10:41:24 UTC
meh.. sorry for the bugspam
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2007-09-11 20:54:30 UTC
x11, is the composite extension enabled or disabled by default?

Please provide an updated ebuild with the fix.
Comment 5 Donnie Berkholz (RETIRED) gentoo-dev 2007-09-11 21:35:29 UTC
(In reply to comment #4)
> x11, is the composite extension enabled or disabled by default?

Off, but anyone using eye candy has it on.

> Please provide an updated ebuild with the fix.

Will get to it soon.
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2007-09-24 22:05:16 UTC
(In reply to comment #5)
> > Please provide an updated ebuild with the fix.
> Will get to it soon.

Any updates here?
Comment 7 Donnie Berkholz (RETIRED) gentoo-dev 2007-09-30 07:42:45 UTC
1.3.0.0-r1 has this fix.
Comment 8 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-30 09:53:39 UTC
Thanks Donnie. 
Arches, please test and mark stable x11-base/xorg-server-1.3.0.0-r1
target "alpha amd64 arm hppa ia64 mips ppc ppc64 sh sparc x86 ~x86-fbsd"
Comment 9 Markus Meier gentoo-dev 2007-09-30 13:18:54 UTC
x86 stable
Comment 10 Markus Rothe (RETIRED) gentoo-dev 2007-09-30 15:34:28 UTC
ppc64 stable
Comment 11 Tobias Scherbaum (RETIRED) gentoo-dev 2007-09-30 19:53:59 UTC
ppc stable
Comment 12 Joshua Kinard gentoo-dev 2007-10-01 00:51:29 UTC
mips stable.
Comment 13 Raúl Porcel (RETIRED) gentoo-dev 2007-10-01 13:18:25 UTC
alpha/ia64/sparc stable
Comment 14 Jeroen Roovers (RETIRED) gentoo-dev 2007-10-02 05:04:12 UTC
Stable for HPPA.
Comment 15 Chris Gianelloni (RETIRED) gentoo-dev 2007-10-02 20:05:22 UTC
amd64 done
Comment 16 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-10-02 20:35:49 UTC
glsa request filed.
Comment 17 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-10-15 05:11:39 UTC
GLSA 200710-16