Gentoo Forums
[ GLSA 200402-02 ] XFree86 Font Information File Buffer Overflow
GLSA
Posted: Wed Feb 11, 2004 10:58 pm    Post subject: [ GLSA 200402-02 ] XFree86 Font Information File Buffer Over

Gentoo Linux Security Advisory

Title: XFree86 Font Information File Buffer Overflow (GLSA 200402-02)
Severity: high
Exploitable: local
Date: February 11, 2004
ID: 200402-02

Synopsis


Exploitation of a buffer overflow in the XFree86 Project Inc.'s XFree86 X
Window System allows local attackers to gain root privileges.


Background


XFree86 provides a client/server interface between display
hardware and the desktop environment while also providing both the
windowing infrastructure and a standardized API. XFree86 is
platform independent, network-transparent and extensible.


Affected Packages

Package: x11-base/xfree
Vulnerable: < 4.3.99.902-r1
Unaffected: = 4.2.1-r3
Unaffected: = 4.3.0-r4
Unaffected: >= 4.3.99.902-r1
Architectures: All supported architectures


Description


Exploitation of a buffer overflow in the XFree86 Window System,
discovered by iDEFENSE, allows local attackers to gain root
privileges.

The problem exists in the parsing of the 'fonts.alias' file. The X
server (running as root) fails to check the length of the
user-provided input, so a malicious user may craft a malformed
'fonts.alias' file that causes a buffer overflow upon parsing,
eventually leading to the execution of arbitrary code.

To reproduce the overflow on the command line one can run:
Code:
# cat > fonts.dir <<EOF
1
word.bdf -misc-fixed-medium-r-semicondensed--13-120-75-75-c-60-iso8859-1
EOF
# perl -e 'print "0" x 1024 . "A" x 96 . "\n"' > fonts.alias
# X :0 -fp $PWD

{Some output removed}... Server aborting... Segmentation fault (core dumped)


Impact


Successful exploitation can lead to a root compromise provided
that the attacker is able to execute commands in the X11
subsystem. This can be done either by having console access to the
target or through a remote exploit against any X client program
such as a web-browser, mail-reader or game.


Workaround


No immediate workaround is available; a software upgrade is required.

Gentoo has released XFree 4.2.1-r3, 4.3.0-r4 and 4.3.99.902-r1 and
encourages all users to upgrade their XFree86
installations. Vulnerable versions are no longer available in
Portage.


Resolution


All users are recommended to upgrade their XFree86 installation:
Code:
# emerge sync
# emerge -pv x11-base/xfree
# emerge x11-base/xfree


References

CVE: CAN-2004-0083
Vulnerability: XFree86 Font Information File Buffer Overflow


Last edited by GLSA on Mon Apr 14, 2014 4:16 am; edited 7 times in total
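
The missing length check named in the Description, as an added example that is not XFree86 code and not part of the advisory: a bounded token reader that rejects an over-long alias line instead of copying it. The 1024-byte buffer size, the function names and the simplified unquoted two-token line format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_MAX 1024 /* assumed buffer size; not taken from the XFree86 source */

/* Copy the next whitespace-delimited token at *cursor into out.
 * Returns the token length, 0 at end of line, or -1 if it does not fit. */
static int next_token(const char **cursor, char *out, size_t out_size)
{
    const char *p = *cursor;
    size_t n = 0;
    while (*p == ' ' || *p == '\t')
        p++;
    while (*p != '\0' && *p != ' ' && *p != '\t' && *p != '\n') {
        if (n + 1 >= out_size) return -1; /* length check: keep room for the NUL */
        out[n++] = *p++;
    }
    out[n] = '\0';
    *cursor = p;
    return (int)n;
}

/* Parse one "alias fontname" line (hypothetical helper, unquoted tokens only).
 * Returns 0 on success, -1 if a token is missing or too long. */
int parse_alias_line(const char *line, char *alias, char *font, size_t size)
{
    const char *cur = line;
    if (next_token(&cur, alias, size) <= 0 || next_token(&cur, font, size) <= 0)
        return -1;
    return 0;
}

/* Constructed input: one 1120-character token, the shape the reproducer writes. */
int oversized_line_result(void)
{
    char line[1024 + 96 + 2], alias[TOKEN_MAX], font[TOKEN_MAX];
    memset(line, '0', 1024);
    memset(line + 1024, 'A', 96);
    memcpy(line + 1120, "\n", 2); /* newline plus terminating NUL */
    return parse_alias_line(line, alias, font, sizeof alias);
}

int main(void)
{
    char alias[TOKEN_MAX], font[TOKEN_MAX];
    int ok = parse_alias_line( /* constructed sample alias line */
        "fixed -misc-fixed-medium-r-semicondensed--13-120-75-75-c-60-iso8859-1\n",
        alias, font, sizeof alias);
    printf("valid line: %d (%s -> %s), oversized line: %d\n",
           ok, alias, font, oversized_line_result());
    return 0;
}
```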