-----BEGIN PGP SIGNED MESSAGE-----

                 NetBSD Security Advisory 2003-015
                 =================================

Topic:          Remote and local vulnerabilities in XFree86 font libraries

Version:        NetBSD-current: source prior to August 31, 2003
                NetBSD 1.6.1:   affected
                NetBSD 1.6:     affected
                NetBSD-1.5.3:   affected
                NetBSD-1.5.2:   affected
                NetBSD-1.5.1:   affected
                NetBSD-1.5:     affected

Severity:       High, for systems running an X server.

Fixed:          NetBSD-current: August 31, 2003
                (xsrc is not branched by NetBSD release)


Abstract
========

There is an integer overflow in the XFree86 font libraries, which could
lead to potential privilege escalation and/or remote code execution.


Technical Details
=================

http://www.securityfocus.com/archive/1/335592

As seen in this advisory, the exact details of these issues have not
been shared.


Solutions and Workarounds
=========================

Workaround (proposed in the XFree86 advisory):

Ensure that neither xfs nor the X server include untrusted font servers
in their font search paths. Xfs is not started by default in NetBSD and
the X server contains only directories under /usr/X11R6/lib/X11/fonts
in its font path.

To prevent the local privilege escalation problem, remove the suid bit
from the Xserver binary. This will mean that only root can start the
X server.

        chmod u-s /usr/X11R6/bin/XFree86

Please note that removing the suid bit will NOT prevent a compromise
due to malicious fonts.

Fix:

The following instructions describe how to upgrade your X binaries by
updating your source tree and rebuilding and installing a new version
of X.

* NetBSD (all versions):

        Systems running NetBSD with X dated from before 2003-08-30
        should be upgraded to NetBSD with X dated 2003-08-31 or later.
        Unlike the main NetBSD source tree (src), xsrc is not branched
        based on NetBSD versions.

        The following directories need to be updated from the netbsd CVS:

                xsrc/xc/lib/font/fc
                xsrc/xc/lib/FS
                xsrc/xfree/xc/lib/font/fc
                xsrc/xfree/xc/lib/FS

        To update from CVS, re-build, and re-install X:

                # cd xsrc
                # cvs update -d -P xc/lib/font/fc xc/lib/FS \
                        xfree/xc/lib/font/fc xfree/xc/lib/FS
                # make build

        (The 'build' target performs installation as well as compilation)


Thanks To
=========

Matthias Scheler


Revision History
================

2003-10-09      Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
  ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc

Information about NetBSD and NetBSD security can be found at
  http://www.NetBSD.org/ and http://www.NetBSD.org/Security/.


Copyright 2003, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2003-015.txt,v 1.4 2003/10/09 03:30:14 groo Exp $

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (NetBSD)
Comment: For info see http://www.gnupg.org

iQCVAwUBP4V/2j5Ru2/4N2IFAQGksgQAgDjq8uINDBkHiA+xou+YcQjpQf5JGxCB
JPxjNJQx7Huh5ysfzML353uQ/Xp7qmDzTen6rfbgucX/glWH4vOeBoDcFuDi0jbj
WId1u2gsV87lFuMD365r6ZPnD1UikQuU5+0L2QQto9yXwSWsiUZvTW3/e2EKexAc
c4vKGBzp4Rc=
=UbHb
-----END PGP SIGNATURE-----
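A defender's check for the two workaround conditions named in the advisory, as an added example that is not part of the NetBSD advisory itself: it parses the FontPath entries of an XF86Config-style file and flags font-server entries or directories outside /usr/X11R6/lib/X11/fonts, and it confirms the XFree86 binary is no longer set-uid. The sample configs written by write_sample_configs are constructed for the stand-alone run and are not real system files.

```shell
#!/bin/sh
# Audit helper added here (not from the NetBSD advisory). Checks the two
# workarounds the advisory gives: FontPath confined to the trusted font
# directory tree, and no set-uid bit on the X server binary.
TRUSTED_FONT_PREFIX=/usr/X11R6/lib/X11/fonts

# Print each FontPath entry of an XF86Config-style file on its own line.
# Accepts one entry per FontPath line or several, comma-separated.
fontpath_entries() {
    sed -n 's/^[[:space:]]*FontPath[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
        tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -v '^$'
}

# Return 0 when every entry is a local directory under the trusted prefix.
# Otherwise print the offending entries and return 1. tcp/host:port and
# unix/:port entries are font servers, exactly what the advisory says the
# X server must not consult until the font libraries are rebuilt.
fontpath_is_local() {
    bad=$(fontpath_entries "$1" | while read -r entry; do
        case "$entry" in
            tcp/*|unix/*)             echo "font server: $entry" ;;
            "$TRUSTED_FONT_PREFIX"/*) ;;
            *)                        echo "outside trusted prefix: $entry" ;;
        esac
    done)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Return 0 when the X server binary is not set-uid, i.e. the advisory's
# "chmod u-s /usr/X11R6/bin/XFree86" mitigation has been applied.
xserver_not_suid() {
    [ ! -u "$1" ]
}

# Constructed sample configs: $1 keeps the NetBSD default (local fonts
# only), $2 adds a font server entry as the advisory warns against.
write_sample_configs() {
    printf 'Section "Files"\n    FontPath "%s/misc/"\n    FontPath "%s/75dpi/,%s/Type1/"\nEndSection\n' \
        "$TRUSTED_FONT_PREFIX" "$TRUSTED_FONT_PREFIX" "$TRUSTED_FONT_PREFIX" > "$1"
    printf 'Section "Files"\n    FontPath "tcp/fontserver.example:7100"\n    FontPath "%s/misc/"\nEndSection\n' \
        "$TRUSTED_FONT_PREFIX" > "$2"
}

GOOD=$(mktemp); BAD=$(mktemp)
write_sample_configs "$GOOD" "$BAD"
fontpath_is_local "$GOOD" && echo "default config: FontPath is local"
fontpath_is_local "$BAD" || echo "second config: untrusted font path found"
```

Point fontpath_is_local at the live XF86Config and xserver_not_suid at /usr/X11R6/bin/XFree86 to audit a real system.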