CVE-2002-1472

Name of the Vulnerable Software and Affected Versions XFree86-xf86cfg version 4.2.1 XFree86-font-utils versions 4.2.1 through 4.2.1-21 XFree86-tools versions 4.2.1 through 4.2.1-21 XFree86-75dpi-fonts versions 4.2.1 through 4.2.1-21 XFree86-cyrillic-fonts versions 4.2.1 through 4.2.1-21 XFree86-doc versions 4.2.1 through 4.2.1-21 XFree86-ISO8859-15-100dpi-fonts versions 4.2.1 through 4.2.1-21 XFree86-ISO8859-2-100dpi-fonts versions 4.2.1 through 4.2.1-21 XFree86-100dpi-fonts versions 4.2.1 through 4.2.1-21 XFree86-libs versions 4.2.1 through 4.2.1-21 XFree86-xdm versions 4.2.1 through 4.2.1-21 XFree86-2-75dpi-fonts version 4.2.1 XFree86-twm versions 4.2.1 through 4.2.1-21 XFree86-xfs versions 4.2.1 through 4.2.1-21 XFree86-4.2.1 XFree86-Xnest versions 4.2.1 through 4.2.1-21 XFree86-Mesa-libGL versions 4.2.1 through 4.2.1-21 XFree86-ISO8859-9-75dpi-fonts versions 4.2.1 through 4.2.1-21 XFree86-ISO8859-9-100dpi-fonts versions 4.2.1 through 4.2.1-21 XFree86-devel versions 4.2.1 through 4.2.1-21 XFree86-Xvfb versions 4.2.1 through 4.2.1-21 XFree86-xauth version 4.2.1-21 XFree86-truetype-fonts versions 4.2.1 through 4.2.1-21 XFree86-ISO8859-15-75dpi-fonts versions 4.2.1 through 4.2.1-21 XFree86-base-fonts versions 4.2.1 through 4.2.1-21 XFree86-Mesa-libGLU version 4.2.1-21 XFree86-ISO8859-2-75dpi-fonts version 4.2.1-21

Description The issue involves multiple vulnerabilities in the XFree86 package of the Red Hat Linux operating system. These vulnerabilities can be exploited remotely and may lead to a breach of confidentiality, integrity, and availability of protected information. Additionally, an untrusted search path vulnerability in libX11.so, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD PRELOAD environment variable that points to a malicious module.

Recommendations For XFree86-xf86cfg version 4.2.1, update to a version that is not affected by the vulnerability. For XFree86-font-utils versions 4.2.1 through 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-tools versions 4.2.1 through 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-75dpi-fonts versions 4.2.1 through 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-cyrillic-fonts versions 4.2.1 through 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-doc versions 4.2.1 through 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-ISO8859-15-100dpi-fonts versions 4.2.1 through 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-ISO8859-2-100dpi-fonts versions 4.2.1 through 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-100dpi-fonts versions 4.2.1 through 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-libs versions 4.2.1 through 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-xdm versions 4.2.1 through 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-2-75dpi-fonts version 4.2.1, update to a version that is not affected by the vulnerability. For XFree86-twm versions 4.2.1 through 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-xfs versions 4.2.1 through 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-4.2.1, update to a version that is not affected by the vulnerability. For XFree86-Xnest versions 4.2.1 through 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-Mesa-libGL versions 4.2.1 through 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-ISO8859-9-75dpi-fonts versions 4.2.1 through 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-ISO8859-9-100dpi-fonts versions 4.2.1 through 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-devel versions 4.2.1 through 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-Xvfb versions 4.2.1 through 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-xauth version 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-truetype-fonts versions 4.2.1 through 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-ISO8859-15-75dpi-fonts versions 4.2.1 through 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-base-fonts versions 4.2.1 through 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-Mesa-libGLU version 4.2.1-21, update to a version that is not affected by the vulnerability. For XFree86-ISO8859-2-75dpi-fonts version 4.2.1-21, update to a version that is not affected by the vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.