Debian Security Advisory 1294-1 - Several vulnerabilities have been discovered in the X Window System, which may lead to privilege escalation.
041774f5d08c1a2248f7f5bfafc8394a37277b57085add582ddcb8a761ddaf62Gentoo Linux Security Advisory GLSA 200705-10 - The libXfont code is prone to several integer overflows, in functions ProcXCMiscGetXIDList(), bdfReadCharacters() and FontFileInitTable(). TightVNC contains a local copy of this code and is also affected. Versions less than 1.2.9-r4 are affected.
2fc25a79b7ffa81e21e6c4c5e2b22c388fa4a3033e765361858a4ee48158de8aMandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server.
3b1c1631f20743de09f36c1b9347ec5d750ad65a0831fd14b5f97665d3ee9d84Mandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. TightVNC uses some of the same code base as Xorg, and has the same vulnerable code.
330fcb42f22893aed5d9dc72a5e4c07dd0445ff1c5c94024359d87760efc0e63Mandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. Multiple integer overflows in the XGetPixel function in ImUtil.c in x.org libx11 before 1.0.3, and XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or information leak via crafted images with large or negative values that trigger a buffer overflow.
c68398453cdd0da008a82f8abe40ea08649a33cada1190cb14fbbabea9298e8fUbuntu Security Notice 448-1 - Sean Larsson of iDefense Labs discovered that the MISC-XC extension of Xorg did not correctly verify the size of allocated memory. An authenticated user could send a specially crafted X11 request and execute arbitrary code with root privileges. Greg MacManus of iDefense Labs discovered that the BDF font handling code in Xorg and FreeType did not correctly verify the size of allocated memory. If a user were tricked into using a specially crafted font, a remote attacker could execute arbitrary code with root privileges.
db2d0709dc9ce1e0901c0f8411756dd6f54fb3dd1dd76b940a08a73e2da41185iDefense Security Advisory 04.03.07 - Local exploitation of a memory corruption vulnerability in the multiple vendor's X server implementations could allow an attacker to execute arbitrary code with elevated privileges. The XC-MISC extension is used by the X Server to manage resource IDs. It is built in to the X server by default. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. Inside this function, the ALLOCATE_LOCAL() macro is used. This macro allocates memory on the stack or heap depending on the availability of the alloca() function. If alloca() is available, the stack is used, other wise the heap is used. Due to insufficient input validation, it is possible to cause memory corruption by passing specially crafted values to the ProcXCMiscGetXIDList() handler function. iDefense has confirmed the existence of this vulnerability in the X.org server version 7.1-1.1.0. Previous versions may also be affected.
92d6431bc2eac618696fe71be317a3e41abf731041247499cd91d9d0bc84454a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed