Some vulnerabilities have been reported in X.org X11, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges.
1) An array indexing error within the XFree86 Misc extension can be exploited to execute arbitrary code by sending a specially crafted PassMessage request.
2) An integer overflow error within the EVI extension can be exploited to cause a heap-based buffer overflow via a specially crafted GetVisualInfo request.
3) An integer overflow error within the MIT-SHM extension can be exploited to overwrite arbitrary memory addresses by creating a pixmap with a specially calculated size.
4) An array indexing error within the "ProcGetReservedColormapEntries()" function from the TOG-CUP extension can be exploited to disclose arbitrary memory.
5) An error in multiple functions contained within the Xinput extension when swapping the byte order of received requests can be exploited to corrupt heap memory.
6) An error exists within the processing of security policy arguments when executing X. This can be exploited to determine the existence of restricted files by passing the file names as arguments to the "X -sp" command.
7) A boundary error exists within the X server when processing PCF fonts. This can be exploited to cause a buffer overflow via a PCF font containing a specially crafted PCF_BDF_ENCODINGS table with the difference between the "last col" and "first col" elements being greater than 255.
The vulnerabilities are reported in X.org X11 version R7.3 and prior.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: X.org X11 Multiple Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.