Vulnerability Discovered in X Font Server
Two protocol handlers give attackers the ability to inject malicious code into X Font Server (XFS). Linux systems are only vulnerable to local attacks. The X Font Server is not accessible over networks by default.
The bug (CVE-2007-4568) in the handler for QueryXBitmap and QueryXExtents protocol requests can trigger integer overflows. In both protocols this triggers a call to the "build_range()" function which expects a 32 bit integer value with the request, and calculates the dynamic memory size. The calculation can overflow causing incorrect memory allocation. This results in a heap overflow. A second vulnerability affects the "swap_char2b()". Calling the function gives attackers the ability to store an arbitrary number of values on the heap. A successful exploit would give an attacker the ability to execute arbitrary code.
Security experts with Idefense tested a Solaris system. Solaris calls XFS by default on booting, and sets up the X Server to listen on port 7100, which would thus open up a remote attack vector. Idefense discovered the vulnerability in XFS version X11R7.2-1.0.4, although earlier versions may also be affected.
The X.org-Team has fixed the issue in the new XFS 1.0.5 Version. A patch is available for for version 1.0.4 (X11R7.3).
Issue 266/2023
Buy this issue as a PDF
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs
News
-
Xfce 4.18 is Coming Soon and Offers Subtle Improvements
The Xfce team has announced the release date of the next iteration of the desktop, which includes a good number of features to polish the fan-favorite Linux UI.
-
Orange Pi Board Has Arch-Based Linux Distribution in the Works
The developers of the Orange Pi board are planning to release an Arch-based Linux distribution available for its hardware as an alternative to Orange Pi OS.
-
Alpine Linux 3.17 Now Available to the General Public
The developers of Alpine Linux have officially announced the release of the latest version of the security-focused Linux distribution.
-
The New StarFighter Linux Laptop Now Available for Preorder
A new, completely customizable Linux laptop is now available to preorder from Star Labs.
-
Critical Escalation Vulnerability Found in the Linux Kernel
A new local privilege escalation vulnerability has been discovered in the Linux kernel and users are encouraged to upgrade/patch immediately.
-
AlmaLinux 8.7 Now Available
The developers of AlmaLinux have released the latest version of the OS, named Stone Smilodon, to the general public.
-
New Arch-Based Linux Distribution Aims to be Beginner-Friendly
CachyOS has been created to serve as a Linux distribution for everyone, even while being based on the more complex Arch Linux.
-
elementary OS 7 Getting Closer to Release
The team behind elementary OS has announced they are now focused on putting the finishing touches on the next major release of the Linux distribution.
-
Nitrux 2.5 Released with Kernel 6.0 and KDE Plasma 5.26
Nitrux 2.5 has been officially released and is the first systemd-free distribution to include both kernel 6.0 and KDE Plasma 5.26.
-
Zorin OS 16.02 Now Available
Zorin OS 16.2 has been officially released just seven months after the first point release of the user-friendly Linux operating system.