Slashdot Mirror


23-Year-Old X11 Server Security Vulnerability Discovered

An anonymous reader writes "The recent report of X11/X.Org security in bad shape rings more truth today. The X.Org Foundation announced today that they've found an X11 security issue that dates back to 1991. The issue is a possible stack buffer overflow that could lead to privilege escalation to root and affects all versions of the X Server back to X11R5. After the vulnerability being in the code-base for 23 years, it was finally uncovered via the automated cppcheck static analysis utility." There's a scanf used when loading BDF fonts that can overflow using a carefully crafted font. Watch out for those obsolete early-90s bitmap fonts.
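The bug class in the summary, an unbounded `%s` in a scanf-family call filling a fixed stack buffer, and its bounded replacement, as an added example that is not X.Org's code or part of the original story. It assumes the field is a glyph name on a BDF `STARTCHAR` line and a 99-byte name limit; all function and constant names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 99                 /* assumed limit, not from the story */
#define STR2(x) #x
#define STR(x) STR2(x)

enum { BDF_OK = 0, BDF_MALFORMED = -1, BDF_NAME_TOO_LONG = -2 };

/* Unbounded form of the pattern (shown only as a comment):
 *     sscanf(line, "STARTCHAR %s", name);   -- %s copies until whitespace
 */

/* Bounded parse of one "STARTCHAR <name>" line; name holds NAME_MAX_LEN+1 bytes. */
int bdf_parse_startchar(const char *line, char *name)
{
    int used = 0;
    name[0] = '\0';
    if (strncmp(line, "STARTCHAR", 9) != 0 || !isspace((unsigned char)line[9]))
        return BDF_MALFORMED;
    /* The field width caps the copy; %n records how far scanning got. */
    if (sscanf(line + 9, " %" STR(NAME_MAX_LEN) "s%n", name, &used) != 1)
        return BDF_MALFORMED;
    /* Stopping on a non-space byte means the token exceeded the cap: reject. */
    if (line[9 + used] != '\0' && !isspace((unsigned char)line[9 + used])) {
        name[0] = '\0';
        return BDF_NAME_TOO_LONG;
    }
    return BDF_OK;
}

/* Builds a constructed line with an n-byte glyph name and parses it. */
int bdf_try_name_length(size_t n)
{
    char line[512] = "STARTCHAR ", name[NAME_MAX_LEN + 1];
    if (n > sizeof line - 12) return BDF_MALFORMED;
    memset(line + 10, 'A', n);
    line[10 + n] = '\n'; line[11 + n] = '\0';
    return bdf_parse_startchar(line, name);
}

int main(void)
{
    printf("99 bytes: %d, 100 bytes: %d, 400 bytes: %d\n",
           bdf_try_name_length(99), bdf_try_name_length(100),
           bdf_try_name_length(400));
    return 0;
}
```

Rejecting the over-long token rather than silently truncating it keeps a malformed font from being half-accepted by later parsing stages.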

2 of 213 comments

  1. Re:Many eyes... by smash · Score: 0, Flamebait

    LINUX PLUS X11 IS MORE SECURE THAN WINDOWS WILL EVER BE AND I WON'T HEAR ANYONE SAY OTHERWISE!!1

    ... Makes for falling behind everyone else.

    Now, I need to fill the text box with lowercase letters to get rid of the caps warning.

    --
    I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
  2. Re:Many eyes... by RoverDaddy · Score: 0, Flamebait

    Sorry, posting to remove erroneous moderation. Me and my clumsy fingers. Consider yourself getting +1 Funny.

    --
    RETURN without GOSUB in line 1050