Vulnerability Note VU#102441

Multiple X servers fail to properly allocate memory for large pixmaps

Original Release date: 13 Sep 2005 | Last revised: 03 Nov 2005

Overview

Multiple X Window System servers contain a pixmap memory allocation flaw that may allow local users to execute code with elevated privileges.

Description

Multiple X Window System server applications share code that may contain a flaw in the memory allocation for large pixmaps. The affected products include the X.Org and XFree86 X server applications, possibly among others.

An integer overflow condition may result in a memory allocation request returning an allocated region that is incorrectly sized. The client may then be able to use the XDrawPoint() and XGetImage() functions to read and write to arbitrary locations in the X server's address space.

Impact

A malicious local authenticated attacker may be able to execute arbitrary code with the privileges of the X server.

Solution

Apply an update
Contact your vendor for updates, fixes, and workarounds.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Debian LinuxAffected07 Sep 200519 Sep 2005
Fedora ProjectAffected-19 Sep 2005
Gentoo LinuxAffected-19 Sep 2005
Mandriva, Inc.Affected07 Sep 200519 Sep 2005
Red Hat, Inc.Affected07 Sep 200529 Sep 2005
Slackware Linux Inc.Affected-26 Sep 2005
SUSE LinuxAffected07 Sep 200526 Sep 2005
Trustix Secure LinuxAffected-19 Sep 2005
HitachiNot Affected07 Sep 200519 Sep 2005
Apple Computer, Inc.Unknown07 Sep 200507 Sep 2005
Cray Inc.Unknown07 Sep 200507 Sep 2005
EMC, Inc. (formerly Data General Corporation)Unknown07 Sep 200507 Sep 2005
Engarde Secure LinuxUnknown07 Sep 200507 Sep 2005
F5 Networks, Inc.Unknown07 Sep 200507 Sep 2005
FreeBSD, Inc.Unknown07 Sep 200507 Sep 2005
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Luke Hutchison and Søren Sandmann Pedersen for reporting this vulnerability.

This document was written by Ken MacInnis.

Other Information

  • CVE IDs: CAN-2005-2495
  • Date Public: 12 Sep 2005
  • Date First Published: 13 Sep 2005
  • Date Last Updated: 03 Nov 2005
  • Severity Metric: 7.42
  • Document Revision: 29

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.