Secure Coding mailing list archives

HNS - Biggest X Window security hole since 2000


From: fw at deneb.enyo.de (Florian Weimer)
Date: Mon, 08 May 2006 07:47:55 +0200

> Certainly that part is OS-specific.  On my VMS machine, X-windows processes
> do not run as root.

The X Window server needs elevated privileges because it can trigger
DMA on the graphics card (and thus read arbitrary memory, unless
you've got an IOMMU).  Chances are, however, that your VMS
implementation does not even support the Xrender extension.

Of course, the impact of this vulnerability is exaggerated in the
article.  Local privilege escalation vulnerabilities are numerous.


