BID:9851

XInterceptTalk XITalk Privilege Escalation Vulnerability

Info

XInterceptTalk XITalk Privilege Escalation Vulnerability

Bugtraq ID:	9851
Class:	Design Error
CVE:	CVE-2004-0151
Remote:	No
Local:	Yes
Published:	Mar 12 2004 12:00AM
Updated:	Jul 12 2009 03:06AM
Credit:	Discovery of this issue is credited to Steve Kemp.
Vulnerable:	XInterceptTalk xitalk 1.1.11 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0

Not Vulnerable:

Discussion

XInterceptTalk XITalk Privilege Escalation Vulnerability

Reportedly xitalk is prone to a local privilege escalation vulnerability. This issue is due to a design error causing a failure in the handling of privileges by the application.

The problem may allow a malicious user to execute arbitrary commands using the privileges of the 'utmp' user.

Exploit / POC

XInterceptTalk XITalk Privilege Escalation Vulnerability

No exploit is required to leverage this issue.

Solution / Fix

XInterceptTalk XITalk Privilege Escalation Vulnerability

Solution:
Debian has released advisory DSA 462-1 and fixes dealing with this issue. Please see the reference section for more information.

XInterceptTalk xitalk 1.1.11

Debian xitalk_1.1.11-9.1woody1_alpha.deb
Alpha architecture:
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9. 1woody1_alpha.deb

Debian xitalk_1.1.11-9.1woody1_arm.deb
ARM architecture:
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9. 1woody1_arm.deb

Debian xitalk_1.1.11-9.1woody1_hppa.deb
HP Precision architecture:
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9. 1woody1_hppa.deb

Debian xitalk_1.1.11-9.1woody1_i386.deb
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9. 1woody1_i386.deb

Debian xitalk_1.1.11-9.1woody1_ia64.deb
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9. 1woody1_ia64.deb

Debian xitalk_1.1.11-9.1woody1_m68k.deb
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9. 1woody1_m68k.deb

Debian xitalk_1.1.11-9.1woody1_mips.deb
Big Endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9. 1woody1_mips.deb

Debian xitalk_1.1.11-9.1woody1_mipsel.deb
Little Endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9. 1woody1_mipsel.deb

Debian xitalk_1.1.11-9.1woody1_powerpc.deb
PowerPC architecture:
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9. 1woody1_powerpc.deb

Debian xitalk_1.1.11-9.1woody1_s390.deb
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9. 1woody1_s390.deb

Debian xitalk_1.1.11-9.1woody1_sparc.deb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9. 1woody1_sparc.deb

References

XInterceptTalk XITalk Privilege Escalation Vulnerability

References:

xitalk (Shellcode.org)