oss-sec mailing list archives
Re: CVE request: Xorg input device format string flaw
From: Kees Cook <keescook () chromium org>
Date: Wed, 18 Apr 2012 13:37:21 -0700
On Wed, Apr 18, 2012 at 1:23 PM, Kurt Seifried <kseifried () redhat com> wrote:
On 04/18/2012 01:28 PM, Kees Cook wrote:Hello, Adding an input device with a malicious name can trigger a format string flaw in Xorg's logging subsystem. For builds of Xorg lacking -D_FORTIFY_SOURCE=2 (or 32-bit systems lacking the fix to fortify[1]) this can lead to arbitrary code execution as the Xorg user, usually root. When built with fortify, this is a denial of service, since Xorg will abort. Proposed solution patch series can be found here: 1/4 http://patchwork.freedesktop.org/patch/10000/ 2/4 http://patchwork.freedesktop.org/patch/9998/ 3/4 http://patchwork.freedesktop.org/patch/9999/ 4/4 http://patchwork.freedesktop.org/patch/10001/ -Kees [1] http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7c1f4834d398163d1ac8101e35e9c36fc3176e6eSoare you asking for just the device name issue covered in http://patchwork.freedesktop.org/patch/10001/
Yeah, but I wanted to point to the entire patch series, since that fix, I think, depends on pieces from the others. -Kees -- Kees Cook Chrome OS Security
Current thread:
- CVE request: Xorg input device format string flaw Kees Cook (Apr 18)
- Re: CVE request: Xorg input device format string flaw Kurt Seifried (Apr 18)
- Re: CVE request: Xorg input device format string flaw Kees Cook (Apr 18)
- Re: CVE request: Xorg input device format string flaw Kurt Seifried (Apr 18)
- Re: CVE request: Xorg input device format string flaw Kees Cook (Apr 18)
- Re: CVE request: Xorg input device format string flaw Kurt Seifried (Apr 18)