XFree86 utilities may be prone to a locally exploitable vulnerability due to insufficient bounds checking of data supplied via the XLOCALEDIR environment variable. This is a variant of the issue described in BID 7002, but is reported to affect XFree86 4.3.0 and the buffer required to trigger the condition may also vary. This poses a security risk with utilities that are setuid/setgid. However, it is possible that some utilities may drop privileges before exploitation can occur. It has not been established that this issue may be exploited to gain elevated privileges.