|
X11 "_XKB_CHARSET" Buffer Overflow Vulnerability
|
|
|
|
|
Secunia Advisory:
|
SA21845
|
|
|
Release Date:
|
2006-09-11
|
|
|
Critical:
|

Less critical
|
|
Impact:
|
Privilege escalation
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | X Window System 11 (X11) 6.x
|
|
|
Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS! |
|
|
Description: RISE Security has reported a vulnerability in libX11, which can be exploited by malicious, local users to gain escalated privileges.
The vulnerability is due to a boundary error in libX11. This can be exploited to cause a buffer overflow via the "_XKB_CHARSET" environment variable when "DISPLAY" is set to a X Window System server with the XKEYBOARD extension enabled.
Successful exploitation allows arbitrary code execution with the privileges of the application dynamically linked to the library.
The vulnerability has been reported in version X11R6.4. Other versions may also be affected.
Solution: Update to version X11R6.5.1 or later.
Provided and/or discovered by: Adriano Lima and Filipe Balestra
Original Advisory: http://www.risesecurity.org/advisory/RISE-2006001.txt
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
15 Related Secunia Security Advisories, displaying 10
|
|
|
1. X.org X11 Multiple Vulnerabilities
|
|
2. X.org X11 Multiple Vulnerabilities
|
|
3. X.Org X11 X Font Server Multiple Vulnerabilities
|
|
4. X.Org X11 Multiple Vulnerabilities
|
|
5. X.Org X11 "DBE" and "Render" Extensions Vulnerabilities
|
|
6. X.Org X11 X Display Manager "Xsession" Script Security Issue
|
|
7. X11 libXfont CID Encoded Fonts Integer Overflows
|
|
8. X.Org X11 setuid Security Issues
|
|
9. X11 libXfont PCF Integer Overflow Vulnerability
|
|
10. X.Org X11 Render Extension Buffer Overflow Vulnerability
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|