|
X.org X11 Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA28532
|
|
|
Release Date:
|
2008-01-18
|
|
Last Update:
|
2008-06-10
|
|
Popularity:
|
14,498 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Exposure of sensitive information
Privilege escalation
DoS
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | X Window System 11 (X11) 6.x
X Window System 11 (X11) 7.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Some vulnerabilities have been reported in X.org X11, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges.
1) An array indexing error within the XFree86 Misc extension can be exploited to execute arbitrary code by sending a specially crafted PassMessage request.
2) An integer overflow error within the EVI extension can be exploited to cause a heap-based buffer overflow via a specially crafted GetVisualInfo request.
3) An integer overflow error within the MIT-SHM extension can be exploited to overwrite arbitrary memory addresses by creating a pixmap with a specially calculated size.
4) An array indexing error within the "ProcGetReservedColormapEntries()" function from the TOG-CUP extension can be exploited to disclose arbitrary memory.
5) An error in multiple functions contained within the Xinput extension when swapping the byte order of received requests can be exploited to corrupt heap memory.
6) An error exists within the processing of security policy arguments when executing X. This can be exploited to determine the existence of restricted files by passing the file names as arguments to the "X -sp" command.
7) A boundary error exists within the X server when processing PCF fonts. This can be exploited to cause a buffer overflow via a PCF font containing a specially crafted PCF_BDF_ENCODINGS table with the difference between the "last col" and "first col" elements being greater than 255.
The vulnerabilities are reported in X.org X11 version R7.3 and prior.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
