Linux systems rely on it.
At the 30th Chaos Communication Congress (CCC) in Germany, Ilja van Sprundel, a security researcher gave the presentation titled "X11 Server security with being 'worse than it looks.'". He found more than 120 bugs in a few months.
In the presentation, he has presented a 23 year old Stack overflow vulnerability in X11 System that could lead to privilege escalation to root and affects all versions of the X Server back to X11R5.
Later today, X.Org Foundation released a security Advisory, states “A BDF font file containing a longer than expected string could overflow the buffer on the stack. Testing in X servers built with Stack Protector resulted in an immediate crash when reading a user-provided specially crafted font.”
The flaw resides in a file at "libXfont/tree/src/bitmap/bdfread.c" and this LibXfont library used to handle fonts in all the X-servers, often working with root privilege. So a successful exploitation could lead to privilege escalation to root user.
The vulnerability assigned as CVE-2013-6462, was discovered using an automated cppcheck static analysis tool.
- X.Org libXfont 1.2.1
- X.Org libXfont 1.2.2
- X.Org libXfont 1.3.1
- X.Org libXfont 1.4.3
X.Org Foundation has released a patch for it, includes new version libXfont 1.4.7.
Subscribe Our Newsletter