PT-2003-1118 · Xfree86+1 · Xfree86-Truetype-Fonts+23
Published: 2003-06-18 · Updated: 2010-05-25 · CVE-2001-1409
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
XFree86-xf86cfg versions 4.1.0 through 4.2.1
XFree86-font-utils versions 4.1.0 through 4.2.1-21
XFree86-ISO8859-9-75dpi-fonts versions 4.1.0 through 4.2.1-21
XFree86-tools versions 4.1.0 through 4.2.1-21
XFree86-devel versions 4.1.0 through 4.2.1-21
XFree86-75dpi-fonts versions 4.1.0 through 4.2.1-21
XFree86-doc versions 4.1.0 through 4.2.1-21
XFree86-cyrillic-fonts versions 4.1.0 through 4.2.1-21
XFree86-ISO8859-2-100dpi-fonts versions 4.1.0 through 4.2.1-21
XFree86-ISO8859-15-100dpi-fonts versions 4.1.0 through 4.2.1-21
XFree86-100dpi-fonts versions 4.1.0 through 4.2.1-21
XFree86-libs versions 4.1.0 through 4.2.1-21
XFree86-xdm versions 4.1.0 through 4.2.1-21
XFree86-Xnest versions 4.1.0 through 4.2.1-21
XFree86-xfs versions 4.1.0 through 4.2.1-21
XFree86-Mesa-libGL versions 4.1.0 through 4.2.1-21
XFree86-Mesa-libGLU versions 4.1.0 through 4.2.1-21
XFree86-ISO8859-2-75dpi-fonts versions 4.1.0 through 4.2.1-21
XFree86-ISO8859-15-75dpi-fonts versions 4.1.0 through 4.2.1-21
XFree86-truetype-fonts versions 4.1.0 through 4.2.1-21
XFree86-base-fonts versions 4.1.0 through 4.2.1-21
XFree86-twm versions 4.1.0 through 4.2.1-21
XFree86-xauth versions 4.1.0 through 4.2.1-21
XFree86-Xvfb versions 4.1.0 through 4.2.1-21
Description
The XFree86 package in Red Hat Linux has multiple vulnerabilities that can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The issue is related to insecure permissions in the /dev/dri directory, which can allow local users to replace or create files in the root file system.
Recommendations
For each affected version of XFree86, update to a version that is not vulnerable to these issues.
As a temporary workaround, consider restricting access to the vulnerable components until a patch is available.
For the dexconf issue in XFree86 Xserver 4.1.0-2, ensure that the /dev/dri directory has secure permissions to prevent local users from replacing or creating files in the root file system.
Restrict access to the vulnerable modules and fonts to minimize the risk of exploitation.
Avoid using the vulnerable packages until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Red Hat
Xfree86-100Dpi-Fonts
Xfree86-75Dpi-Fonts
Xfree86-Iso8859-15-100Dpi-Fonts
Xfree86-Iso8859-15-75Dpi-Fonts
Xfree86-Iso8859-2-100Dpi-Fonts
Xfree86-Iso8859-2-75Dpi-Fonts
Xfree86-Iso8859-9-75Dpi-Fonts
Xfree86-Mesa-Libgl
Xfree86-Xnest
Xfree86-Xvfb
Xfree86-Base-Fonts
Xfree86-Cyrillic-Fonts
Xfree86-Devel
Xfree86-Doc
Xfree86-Font-Utils
Xfree86-Libs
Xfree86-Tools
Xfree86-Truetype-Fonts
Xfree86-Twm
Xfree86-Xauth
Xfree86-Xdm
Xfree86-Xf86Cfg
Xfree86-Xfs