X.org Vulnerabilities Discovered

Security experts have discovered an attack that affects all previous versions of the popular Unix/Linux windowing system.

Security expert Ilja van Sprundel has identified a number of safety-critical bugs in the code of the X11 client libraries from X.org. X.org is the graphic display system used on most Linux and Unix-based systems. According to a note on the X.org developers list, the main reason for the large number of vulnerabilities is that the client libraries trust the data sent by the X server to conform to the X11 protocol and to be correct, which leaves the code susceptible to integer and buffer overflow attacks.
In the general case, the danger is minimized if the X server and X client programs run with the same user ID. However, in special cases, such as Set-UID programs, an intruder could use this attack to obtain root privileges. All previous versions of X.org are affected. Patches to the source code are available at the X.org site.
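The bug class described above, shown as an added example that is not X.org code: a client-side parser that bounds a server-supplied item count before sizing a buffer from it. The `reply_hdr` layout, `ITEM_SIZE`, `MAX_ITEMS` and `read_items_checked` are hypothetical names chosen for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified reply header; every field is server-controlled. */
struct reply_hdr {
    uint32_t length;  /* payload size in 4-byte units, as claimed by the server */
    uint32_t nitems;  /* number of fixed-size items the payload should hold */
};

#define ITEM_SIZE 12u     /* assumed item size for this example */
#define MAX_ITEMS 65536u  /* assumed sanity cap for this example */
/* Unchecked pattern (the bug class described above):
 *     items = malloc(hdr->nitems * ITEM_SIZE);    32-bit product can wrap
 *     for (i = 0; i < hdr->nitems; i++) ...       loop then writes past it
 */

/* Returns a heap copy of the items, or NULL if the header is inconsistent. */
void *read_items_checked(const struct reply_hdr *hdr, const uint8_t *payload,
                         size_t payload_len, size_t *out_bytes)
{
    if (hdr->nitems == 0 || hdr->nitems > MAX_ITEMS)
        return NULL;                    /* bound the count before multiplying */
    size_t need = (size_t)hdr->nitems * ITEM_SIZE;  /* cannot wrap after the cap */
    if ((uint64_t)hdr->length * 4u != payload_len)
        return NULL;                    /* claimed length must match bytes received */
    if (need > payload_len) return NULL;  /* items must fit inside the payload */
    void *items = malloc(need);
    if (items == NULL) return NULL;
    memcpy(items, payload, need);
    *out_bytes = need;
    return items;
}

int main(void)
{
    uint8_t payload[24] = {0};                  /* constructed sample payload */
    struct reply_hdr ok = { 6, 2 };             /* 6*4 = 24 bytes, 2 items */
    struct reply_hdr bad = { 6, 0x15555556u };  /* count*12 wraps to 8 in 32 bits */
    size_t n = 0;
    void *p = read_items_checked(&ok, payload, sizeof payload, &n);
    printf("consistent reply: %s (%zu bytes)\n", p ? "accepted" : "rejected", n);
    free(p);
    p = read_items_checked(&bad, payload, sizeof payload, &n);
    printf("oversized count:  %s\n", p ? "accepted" : "rejected");
    free(p);
    return 0;
}
```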

05/28/2013