BID:12500

XView Multiple Unspecified Local Buffer Overflow Vulnerabilities

Info

XView Multiple Unspecified Local Buffer Overflow Vulnerabilities

Bugtraq ID:	12500
Class:	Boundary Condition Error
CVE:	CVE-2005-0076
Remote:	No
Local:	Yes
Published:	Feb 09 2005 12:00AM
Updated:	Jul 12 2009 10:06AM
Credit:	Discovery is credited to Erik Sj lund.
Vulnerable:	xview xview 3.2 p1.4 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0

Not Vulnerable:

Discussion

XView Multiple Unspecified Local Buffer Overflow Vulnerabilities

It is reported that a number of unspecified buffer overflow vulnerabilities exist in the xview library. These issues could allow a local user to execute arbitrary code via linked executables that are installed with setuid privileges.

Debian has identified these issues in xview-3.2p1.4. Other versions affecting various platforms may be vulnerable as well.

Exploit / POC

XView Multiple Unspecified Local Buffer Overflow Vulnerabilities

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

XView Multiple Unspecified Local Buffer Overflow Vulnerabilities

Solution:
Debian has released advisory DSA 672-1 to address this issue. Please see the referenced advisory for more information.

xview xview 3.2 p1.4

Debian olvwm_4.4.3.2p1.4-16woody2_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4 -16woody2_alpha.deb

Debian olvwm_4.4.3.2p1.4-16woody2_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4 -16woody2_arm.deb

Debian olvwm_4.4.3.2p1.4-16woody2_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4 -16woody2_hppa.deb

Debian olvwm_4.4.3.2p1.4-16woody2_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4 -16woody2_i386.deb

Debian olvwm_4.4.3.2p1.4-16woody2_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4 -16woody2_ia64.deb

Debian olvwm_4.4.3.2p1.4-16woody2_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4 -16woody2_m68k.deb

Debian olvwm_4.4.3.2p1.4-16woody2_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4 -16woody2_mips.deb

Debian olvwm_4.4.3.2p1.4-16woody2_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4 -16woody2_mipsel.deb

Debian olvwm_4.4.3.2p1.4-16woody2_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4 -16woody2_powerpc.deb

Debian olvwm_4.4.3.2p1.4-16woody2_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4 -16woody2_s390.deb

Debian olvwm_4.4.3.2p1.4-16woody2_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4 -16woody2_sparc.deb

Debian olwm_3.2p1.4-16woody2_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16wo ody2_alpha.deb

Debian olwm_3.2p1.4-16woody2_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16wo ody2_arm.deb

Debian olwm_3.2p1.4-16woody2_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16wo ody2_hppa.deb

Debian olwm_3.2p1.4-16woody2_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16wo ody2_i386.deb

Debian olwm_3.2p1.4-16woody2_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16wo ody2_ia64.deb

Debian olwm_3.2p1.4-16woody2_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16wo ody2_m68k.deb

Debian olwm_3.2p1.4-16woody2_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16wo ody2_mips.deb

Debian olwm_3.2p1.4-16woody2_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16wo ody2_mipsel.deb

Debian olwm_3.2p1.4-16woody2_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16wo ody2_powerpc.deb

Debian olwm_3.2p1.4-16woody2_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16wo ody2_s390.deb

Debian olwm_3.2p1.4-16woody2_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16wo ody2_sparc.deb

Debian xview-clients_3.2p1.4-16woody2_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2 p1.4-16woody2_alpha.deb

Debian xview-clients_3.2p1.4-16woody2_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2 p1.4-16woody2_arm.deb

Debian xview-clients_3.2p1.4-16woody2_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2 p1.4-16woody2_hppa.deb

Debian xview-clients_3.2p1.4-16woody2_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2 p1.4-16woody2_i386.deb

Debian xview-clients_3.2p1.4-16woody2_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2 p1.4-16woody2_ia64.deb

Debian xview-clients_3.2p1.4-16woody2_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2 p1.4-16woody2_m68k.deb

Debian xview-clients_3.2p1.4-16woody2_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2 p1.4-16woody2_mips.deb

Debian xview-clients_3.2p1.4-16woody2_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2 p1.4-16woody2_mipsel.deb

Debian xview-clients_3.2p1.4-16woody2_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2 p1.4-16woody2_powerpc.deb

Debian xview-clients_3.2p1.4-16woody2_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2 p1.4-16woody2_s390.deb

Debian xview-clients_3.2p1.4-16woody2_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2 p1.4-16woody2_sparc.deb

Debian xview-examples_3.2p1.4-16woody2_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3. 2p1.4-16woody2_alpha.deb

Debian xview-examples_3.2p1.4-16woody2_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3. 2p1.4-16woody2_arm.deb

Debian xview-examples_3.2p1.4-16woody2_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3. 2p1.4-16woody2_hppa.deb

Debian xview-examples_3.2p1.4-16woody2_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3. 2p1.4-16woody2_i386.deb

Debian xview-examples_3.2p1.4-16woody2_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3. 2p1.4-16woody2_ia64.deb

Debian xview-examples_3.2p1.4-16woody2_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3. 2p1.4-16woody2_m68k.deb

Debian xview-examples_3.2p1.4-16woody2_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3. 2p1.4-16woody2_mips.deb

Debian xview-examples_3.2p1.4-16woody2_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3. 2p1.4-16woody2_mipsel.deb

Debian xview-examples_3.2p1.4-16woody2_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3. 2p1.4-16woody2_powerpc.deb

Debian xview-examples_3.2p1.4-16woody2_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3. 2p1.4-16woody2_s390.deb

Debian xview-examples_3.2p1.4-16woody2_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3. 2p1.4-16woody2_sparc.deb

Debian xviewg-dev_3.2p1.4-16woody2_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1. 4-16woody2_alpha.deb

Debian xviewg-dev_3.2p1.4-16woody2_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1. 4-16woody2_arm.deb

Debian xviewg-dev_3.2p1.4-16woody2_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1. 4-16woody2_hppa.deb

Debian xviewg-dev_3.2p1.4-16woody2_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1. 4-16woody2_i386.deb

Debian xviewg-dev_3.2p1.4-16woody2_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1. 4-16woody2_ia64.deb

Debian xviewg-dev_3.2p1.4-16woody2_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1. 4-16woody2_m68k.deb

Debian xviewg-dev_3.2p1.4-16woody2_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1. 4-16woody2_mips.deb

Debian xviewg-dev_3.2p1.4-16woody2_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1. 4-16woody2_mipsel.deb

Debian xviewg-dev_3.2p1.4-16woody2_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1. 4-16woody2_powerpc.deb

Debian xviewg-dev_3.2p1.4-16woody2_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1. 4-16woody2_s390.deb

Debian xviewg-dev_3.2p1.4-16woody2_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1. 4-16woody2_sparc.deb

Debian xviewg_3.2p1.4-16woody2_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16 woody2_alpha.deb

Debian xviewg_3.2p1.4-16woody2_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16 woody2_arm.deb

Debian xviewg_3.2p1.4-16woody2_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16 woody2_hppa.deb

Debian xviewg_3.2p1.4-16woody2_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16 woody2_i386.deb

Debian xviewg_3.2p1.4-16woody2_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16 woody2_ia64.deb

Debian xviewg_3.2p1.4-16woody2_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16 woody2_m68k.deb

Debian xviewg_3.2p1.4-16woody2_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16 woody2_mips.deb

Debian xviewg_3.2p1.4-16woody2_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16 woody2_mipsel.deb

Debian xviewg_3.2p1.4-16woody2_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16 woody2_powerpc.deb

Debian xviewg_3.2p1.4-16woody2_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16 woody2_s390.deb

Debian xviewg_3.2p1.4-16woody2_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16 woody2_sparc.deb

References

XView Multiple Unspecified Local Buffer Overflow Vulnerabilities

References:

Linux Xview/OpenLook resources (Xview/OpenLook)