US-CERT Vulnerability Notes Database

X.org Foundation Information for VU#633257

Date Notified:
Date Updated:
Statement Date:
Status Summary: Vulnerable

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

X.Org security advisory, May 2nd 2006
Buffer overflow in the Xrender extension of the X.Org server
CVE-ID: CVE-2006-1526

Overview:

A client of the X server using the X render extension is able to
send requests that will cause a buffer overflow in the server side of
the extension.
This overflow can be exploited by an authorized client to execute
malicious code inside the X server, which is generally running with
root privileges.

Vulnerability details:

An unfortunate typo ('&' instead of '*' in an expression) causes the
code to mis-compute the size of memory allocations in the
XRenderCompositeTriStrip and XRenderCompositeTriFan requests.  Thus a
buffer that may be too small is used to store the parameters of the
request. On platforms where the ALLOCATE_LOCAL() macro is using
alloca(), this is a stack overflow; on other platforms this is a heap
overflow.

Affected versions:

X.Org 6.8.0 and later versions are vulnerable, as well as all individual
releases of the modular xorg-xserver package.

To check which version you have, run Xorg -version:
% Xorg -version
X Window System Version 7.0.0
Release Date: 21 December 2005
X Protocol Version 11, Revision 0, Release 7.0

Fix:

Apply the patch below to the source tree for the modular xorg-server
source package:

9a9356f86fe2c10985f1008d459fb272           xorg-server-1.0.x-mitri.diff
d6eba2bddac69f12f21785ea94397b206727ba93   xorg-server-1.0.x-mitri.diff
http://xorg.freedesktop.org/releases/X11R7.0/patches/

For X.Org 6.8.x or 6.9.0, apply one of the patches below:

d666925bfe3d76156c399091578579ae           x11r6.9.0-mitri.diff
3d9da8bb9b28957c464d28ea194d5df50e2a3e5c   x11r6.9.0-mitri.diff
http://xorg.freedesktop.org/releases/X11R6.9.0/patches/

d5b46469a65972786b57ed2b010c3eb2          xorg-68x-CVE-2006-1526.patch
f764a77a0da4e3af88561805c5c8e28d5c5b3058  xorg-68x-CVE-2006-1526.patch
http://xorg.freedesktop.org/releases/X11R6.8.2/patches/

Thanks:

We would like to thank Bart Massey who reported the issue.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org

iQCVAwUBRFdnIXKGCS6JWssnAQJe5gP/cP29g04rwqZil8tYD4bGpjb/cW1tAlyd
T47I9qBg8asATow0HROiq8SuoG2B4g07InAZfvbdCERebYpk6lEO2L4os/4bmRW2
qG2n29a8+WfRJ0hiLwVEiLxeMtNTnK/Rh3Qsb2dhTvSWhpnuiji2IzVqVjurwCyu
RKDGgq6q/k8=
=IA5Z
-----END PGP SIGNATURE-----
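
The class of bug described under "Vulnerability details", shown as an added example that is not part of the advisory and is not X.Org's code: an allocation size computed with '&' where '*' was meant, beside a checked allocation. The record type, function names and sample counts are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical 24-byte record (three points of two 32-bit coordinates);
 * an assumption for illustration, not the X server's definition. */
typedef struct { int32_t x, y; } point_t;
typedef struct { point_t p1, p2, p3; } triangle_t;

/* Size as computed with the typo: bitwise AND can only keep bits that are
 * set in sizeof(triangle_t), so the result never exceeds one record. */
size_t size_with_typo(size_t ntri) { return ntri & sizeof(triangle_t); }

/* Size the code meant to compute: one record per triangle. */
size_t size_intended(size_t ntri) { return ntri * sizeof(triangle_t); }

/* Bytes written past the end if ntri records go into the short buffer. */
size_t shortfall(size_t ntri)
{
    return size_intended(ntri) - size_with_typo(ntri);
}

/* Hardened form: refuse empty requests and counts whose byte size would
 * wrap size_t before asking the allocator for count * size bytes. */
triangle_t *alloc_triangles(size_t ntri)
{
    if (ntri == 0 || ntri > SIZE_MAX / sizeof(triangle_t))
        return NULL;
    return calloc(ntri, sizeof(triangle_t));
}

int main(void)
{
    /* Constructed sample counts, not values from a real request. */
    const size_t counts[] = { 1, 3, 8, 100, 1000 };
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++)
        printf("ntri=%4zu typo=%2zu intended=%5zu short by %5zu bytes\n",
               counts[i], size_with_typo(counts[i]),
               size_intended(counts[i]), shortfall(counts[i]));
    return 0;
}
```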

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Produced 2009 by US-CERT, a government organization