Linux systems rely on it.
At the 30th Chaos Communication Congress (CCC) in Germany, Ilja van Sprundel, a security researcher gave the presentation titled "X11 Server security with being 'worse than it looks.'". He found more than 120 bugs in a few months.
In the presentation, he has presented a 23 year old Stack overflow vulnerability in X11 System that could lead to privilege escalation to root and affects all versions of the X Server back to X11R5.
Later today, X.Org Foundation released a security Advisory, states “A BDF font file containing a longer than expected string could overflow the buffer on the stack. Testing in X servers built with Stack Protector resulted in an immediate crash when reading a user-provided specially crafted font.”
The flaw resides in a file at "libXfont/tree/src/bitmap/bdfread.c" and this LibXfont library used to handle fonts in all the X-servers, often working with root privilege. So a successful exploitation could lead to privilege escalation to root user.
The vulnerability assigned as CVE-2013-6462, was discovered using an automated cppcheck static analysis tool.
- X.Org libXfont 1.2.1
- X.Org libXfont 1.2.2
- X.Org libXfont 1.3.1
- X.Org libXfont 1.4.3
X.Org Foundation has released a patch for it, includes new version libXfont 1.4.7.
Want more Interesting News like this? Sign up here to receive the best of 'The Hacker News' delivered daily straight to your inbox.
Subscribe for Updates