Title: GTK Shared Memory Permissions Vulnerability
Severity: MODERATE
Description:
GTK is the Gimp Toolkit, a freely available, open source graphics library program.
A problem in GTK makes arbitrary access to shared memory possible with some applications. The problem is in the default implementation of shared memory permissions.
When a program linked to GTK is run and creates a shared memory segment, the memory segment is created insecurely. The default implementation of GTK creates all shared memory segments with permissions of 0777. This design gives full world read, write, and execute access for any data contained in the segment to all processes.
This could result in the leakage of sensitive information by an application linked with GTK that stores the information in the shared memory segment. It may be possible to crash or otherwise exploit processes which use the segment by modifying data. This is entirely dependent on what is being stored and the application code.
XMMS and Mozilla are two examples of applications vulnerable to this problem.
Affected Products:
- GTK GTK+ 1.2.10
- XMMS XMMS 1.2.5
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
