Vulnerability Note VU#102441
Multiple X servers fail to properly allocate memory for large pixmaps
Overview
Multiple X Window System servers contain a pixmap memory allocation flaw that may allow local users to execute code with elevated privileges.
Description
Multiple X Window System server applications share code that may contain a flaw in the memory allocation for large pixmaps. The affected products include the X.Org and XFree86 X server applications, possibly among others. An integer overflow condition may result in a memory allocation request returning an allocated region that is incorrectly sized. The client may then be able to use the XDrawPoint() and XGetImage() functions to read and write to arbitrary locations in the X server's address space. |
Impact
A malicious local authenticated attacker may be able to execute arbitrary code with the privileges of the X server. |
Solution
Apply an update |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Debian Linux | Affected | 07 Sep 2005 | 19 Sep 2005 |
| Fedora Project | Affected | - | 19 Sep 2005 |
| Gentoo Linux | Affected | - | 19 Sep 2005 |
| Mandriva, Inc. | Affected | 07 Sep 2005 | 19 Sep 2005 |
| Red Hat, Inc. | Affected | 07 Sep 2005 | 29 Sep 2005 |
| Slackware Linux Inc. | Affected | - | 26 Sep 2005 |
| SUSE Linux | Affected | 07 Sep 2005 | 26 Sep 2005 |
| Trustix Secure Linux | Affected | - | 19 Sep 2005 |
| Hitachi | Not Affected | 07 Sep 2005 | 19 Sep 2005 |
| Apple Computer, Inc. | Unknown | 07 Sep 2005 | 07 Sep 2005 |
| Cray Inc. | Unknown | 07 Sep 2005 | 07 Sep 2005 |
| EMC, Inc. (formerly Data General Corporation) | Unknown | 07 Sep 2005 | 07 Sep 2005 |
| Engarde Secure Linux | Unknown | 07 Sep 2005 | 07 Sep 2005 |
| F5 Networks, Inc. | Unknown | 07 Sep 2005 | 07 Sep 2005 |
| FreeBSD, Inc. | Unknown | 07 Sep 2005 | 07 Sep 2005 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166859
- https://bugs.freedesktop.org/show_bug.cgi?id=594
- http://secunia.com/advisories/16777/
- http://secunia.com/advisories/16790/
- https://rhn.redhat.com/errata/RHSA-2005-329.html
Credit
Thanks to Luke Hutchison and Søren Sandmann Pedersen for reporting this vulnerability.
This document was written by Ken MacInnis.
Other Information
- CVE IDs: CAN-2005-2495
- Date Public: 12 Sep 2005
- Date First Published: 13 Sep 2005
- Date Last Updated: 03 Nov 2005
- Severity Metric: 7.42
- Document Revision: 29
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.