|
|
|
|
| |
Credit:
The original articles can be found at:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=463
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=464
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=465
|
| |
Vulnerable Systems:
* X.Org server versions 7.1-1.1.0.
* Previous versions may also be affected.
Local exploitation of a memory corruption vulnerability in the "ProcRenderAddGlyphs" function lies within the Render extension. Insufficient input validation exists when allocating memory for glyph management data structures. (CVE-2006-6101)
Local exploitation of a memory corruption vulnerability in the "ProcDbeGetVisualInfo" function lies within the DBE extension. Insufficient input validation exists when allocating memory for data structures. (CVE-2006-6102)
Local exploitation of a memory corruption vulnerability in the "ProcDbeSwapBuffers" function lies within the DBE extension. Insufficient input validation exists when allocating memory for data structures. (CVE-2006-6103)
By sending a specially crafted X protocol request to specific extension, an attacker can cause an exploitable memory corruption condition.
Workaround:
Access to the vulnerable code can be prevented when the vulnerable extension is not built into the X binary. This can be accomplished by removing the entry for the DBE extension from your X server's configuration file, often stored in /etc/X11 and named xorg.conf or XF86Config-4. To do this, remove the following lines from the 'Module' section:
Load "DBE"
Load "render"
This will prevent the render extension from loading, which may affect the appearance or operation of some applications.
Disclosure Timeline:
* 12-04-06 - Initial vendor notification
* 12-05-06 - Initial vendor response
* 01-09-07 - Coordinated public disclosure
|
|
|
|
|
