Re: CVE request: bypass default security level of the X wrapper (xserver-xorg <= 1:7.5+8)

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/15/2011 11:09 AM, vladz wrote:
> Hi,
>
> On Debian systems, the X wrapper (/usr/bin/X) is a setuid-root binary that
> checks for some security requirements before launching Xorg with root
> privileges.
>
> By default, the wrapper's configuration file only allows users whose
> controlling TTY (console) to start the X server, but it is possible to
> bypass this restriction by connecting another file (with similar tty
> properties) to standard input before launching the X wrapper.
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652249
>
> Could you allocate CVE id for this issue?
>
> Thank you,
> vladz.
Please use CVE-2011-4613 for this issue.

- -- 

- -Kurt Seifried / Red Hat Security Response Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iQIcBAEBAgAGBQJO6mkcAAoJEBYNRVNeJnmTcMYP/0Q8NBMWVqvawJGaEpaYd0Jv
OG8CwczJJsDoQVJ9UfQYEe96uIgcUUWAoCASc9W+l9hBm7YIo33XvaqlgllKtjXV
PR683V+UvMqlFBFlm+O4+7HBdME2QFw+PHYkolbButZl/DBNTQzByafIcW9FDHJz
8gbuOTn8C7wKm9FQv3iFbE3QwQOg94gHW69Sen7Xe47xuShIg9rVUFjo+5duMq5/
qvAA6kSNwgjyrDCesWmdQjezDIibVei4SIDKrpKpwLUmCwScvBshkTOsy/bRPkZL
MYkU2YB6HitYc21VW/ampeX/aa2HduYilOcWKx25LNcXAx6P0dCT12aluj+Ca4qm
30YMe5Dd61CqgP+yaqQXXxlM0XTP8o1du9TKGct/0GizlUfYvJ9m+Pc6NSjFkdVL
zxiktRXVFoyGNy0tkCYDF7eXtCrctpbk5aDdy4p+LlV281StML311WN0MEe37mPa
70L3pAZTgvIUq08NscAQkFdzYYV5jEz3M3tqsg99KrbqrCNkUMuMuxqMz7Mu6KnA
H8mu9iEI/lZQnLVti/65aoB6T7ewYzlPTA0E/nNo4BIshYuIxsrimrcvkDLAjwuc
IiqogpTGCjTadZXkeSIk+j7CqyTOwmXFg0RLTx66kyTJJg6zdEMkWFBjF4O3OGfH
6SCBBBD7bdllA+IByZ6j
=hyxS
-----END PGP SIGNATURE-----