
Bug#232378: xfree86: XFree86 local exploitable buffer overflow (SECURITY)



Package: xfree86
Severity: serious

See
http://www.idefense.com/application/poi/display?id=72&type=vulnerabilities&flashstatus=false
and existing exploit in
http://www.securityfocus.com/archive/1/353493/2004-02-09/2004-02-15/0

The patch is available from
ftp://ftp.xfree86.org/pub/XFree86/4.3.0/fixes/fontfile.diff

Both Woody and Sarge/Unstable are affected.

Description:
Exploitation of a buffer overflow in The XFree86 Project Inc.'s XFree86
X Window System allows local attackers to gain root privileges.

The problem specifically exists in the parsing of the 'font.alias' file.
The X server (running as root) fails to check the length of user
provided input. A malicious user may craft a malformed 'font.alias'
file causing a buffer overflow upon parsing, eventually leading to the
execution of arbitrary code.

Successful exploitation requires that an attacker be able to execute
commands in the X11 subsystem. This can be done either by having console
access to the target or through a remote exploit against any X client
program such as a web-browser, mail-reader or game. Successful
exploitation yields root access.


-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux g35 2.4.24-nfsacl-libata-drbd-up #1 Mon Jan 5 22:37:02 CET 2004 i686
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8
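
The class of bug described above (a parser copying file-supplied tokens into a fixed buffer without a length check) and its fix, as an added example that is not part of the original report, not XFree86 code and not the contents of fontfile.diff. The function names, return codes and the 256-byte limit are assumptions for illustration, and only unquoted whitespace-separated tokens are handled.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define ALIAS_TOKEN_MAX 256   /* assumed limit for this example, not XFree86's value */

enum { ALIAS_OK = 0, ALIAS_SKIP = 1, ALIAS_MALFORMED = -1, ALIAS_TOO_LONG = -2 };

/* Copy one whitespace-delimited token from *cur into out.
 * The length is checked before every write, so an overlong token is
 * rejected instead of running past the end of out. */
static int read_token(const char **cur, char *out, size_t out_size)
{
    const char *p = *cur;
    size_t n = 0;

    while (*p && isspace((unsigned char)*p))
        p++;
    if (*p == '\0')
        return ALIAS_MALFORMED;           /* no token left on the line */
    while (*p && !isspace((unsigned char)*p)) {
        if (n + 1 >= out_size)            /* keep room for the terminator */
            return ALIAS_TOO_LONG;
        out[n++] = *p++;
    }
    out[n] = '\0';
    *cur = p;
    return ALIAS_OK;
}

/* Parse one "alias target" line; both output buffers are `size` bytes.
 * Blank lines and '!' comment lines are skipped. */
int parse_alias_line(const char *line, char *alias, char *target, size_t size)
{
    const char *cur = line;
    int rc;

    while (*cur && isspace((unsigned char)*cur))
        cur++;
    if (*cur == '\0' || *cur == '!')
        return ALIAS_SKIP;
    if ((rc = read_token(&cur, alias, size)) != ALIAS_OK)
        return rc;
    if ((rc = read_token(&cur, target, size)) != ALIAS_OK)
        return rc;
    while (*cur && isspace((unsigned char)*cur))
        cur++;
    return *cur ? ALIAS_MALFORMED : ALIAS_OK;   /* reject trailing junk */
}
```
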




