Slashdot Mirror

← Back to Stories (view on slashdot.org)

23-Year-Old X11 Server Security Vulnerability Discovered

Posted by Unknown on from the stack-smashing-for-fun-and-profit dept.

An anonymous reader writes "The recent report of X11/X.Org security in bad shape rings more truth today. The X.Org Foundation announced today that they've found a X11 security issue that dates back to 1991. The issue is a possible stack buffer overflow that could lead to privilege escalation to root and affects all versions of the X Server back to X11R5. After the vulnerability being in the code-base for 23 years, it was finally uncovered via the automated cppcheck static analysis utility." There's a scanf used when loading BDF fonts that can overflow using a carefully crafted font. Watch out for those obsolete early-90s bitmap fonts.

5 of 213 comments (clear)

  1. Re:Many eyes... by Bacon+Bits · · Score: 5, Funny

    With enough Perl, all eyes are bleeding.

    --
    The road to tyranny has always been paved with claims of necessity.
  2. Re:Many eyes... by NoNonAlphaCharsHere · · Score: 4, Funny

    With enough Perl, all eyes are bleeding.

    Let's see if that's true:

    print "$#_ [@_]\n\n";

    GAAAAAAAHHHHH!!!!!
    OK, point taken.

  3. Go ahead, just TRY a buffer overflow on my VAX by thomasdz · · Score: 4, Funny

    I'm running OpenBSD on my VAX. Go ahead. Try to exploit a buffer overflow on my home VAX cluster. If you can, then you deserve a prize because you've learned VAX machine code.

    --
    Karma: Excellent. 15 moderator points expire sometime.
    1. Re:Go ahead, just TRY a buffer overflow on my VAX by Burz · · Score: 3, Funny

      I'm tempted but the carbon footprint of the resulting 0wnage would probably be too great.

    2. Re:Go ahead, just TRY a buffer overflow on my VAX by danomac · · Score: 3, Funny

      Just buy some carbon credits and you'll be back in the green.