You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2006-05-02 14:27:31
- lumiwa
- Member
- Registered: 2005-12-26
- Posts: 712
Xorg - buffer overflow
I got a message:
Hash: SHA1
X.Org security advisory, May 2nd 2006
Buffer overflow in the Xrender extension of the X.Org server
CVE-ID: CVE-2006-1526
Overview:
A client of the X server using the X render extension is able to
send requests that will cause a buffer overflow in the server side of
the extension.
This overflow can be exploited by an authorized client to execute
malicious code inside the X server, which is generally running with
root privileges.
Vulnerability details:
An unfortunate typo ('&' instead of '*' in an expression) causes the
code to mis-compute the size of memory allocations in the
XRenderCompositeTriStrip and XRenderCompositeTriFan requests. Thus a
buffer that may be too small is used to store the parameters of the
request. On platforms where the ALLOCATE_LOCAL() macro is using
alloca(), this is a stack overflow, on other platforms this is a heap
overflow.
Affected versions:
X.Org 6.8.0 and later versions are vulnerable, as well as all individual
releases of the modular xorg-xserver package.
To check which version you have, run Xorg -version:
% Xorg -version
X Window System Version 7.0.0
Release Date: 21 December 2005
X Protocol Version 11, Revision 0, Release 7.0
Fix:
Apply the patch below to the source tree for the modular xorg-server
source package:
9a9356f86fe2c10985f1008d459fb272 xorg-server-1.0.x-mitri.diff
d6eba2bddac69f12f21785ea94397b206727ba93 xorg-server-1.0.x-mitri.diff
http://xorg.freedesktop.org/releases/X11R7.0/patches/
For X.Org 6.8.x or 6.9.0, apply one of the patches below:
d666925bfe3d76156c399091578579ae x11r6.9.0-mitri.diff
3d9da8bb9b28957c464d28ea194d5df50e2a3e5c x11r6.9.0-mitri.diff
http://xorg.freedesktop.org/releases/X11R6.9.0/patches/
d5b46469a65972786b57ed2b010c3eb2 xorg-68x-CVE-2006-1526.patch
f764a77a0da4e3af88561805c5c8e28d5c5b3058 xorg-68x-CVE-2006-1526.patch
http://xorg.freedesktop.org/releases/X11R6.8.2/patches/
Thanks:
We would like to thank Bart Massey who reported the issue.
Offline
#2 2006-05-02 20:04:04
- Gullible Jones
- Member
- Registered: 2004-12-29
- Posts: 4,863
Re: Xorg - buffer overflow
File a bug please, and make it Critical. Thx.
Offline
Pages: 1