Multiple Xserver and XInput Vulnerabilities
STEAM-ADVISORY NO. 2008012301
PURDUE UNIVERSITY SECURITY TEAM CIRT
23 January 11:47:00 EST 2008
==OVERVIEW==
Multiple vulnerabilities that can cause an assortment of overflows have been discovered in the server code of the X Window System. Local exploitation of these overflows can cause the X server to crash or, in certain situations, allow the execution of arbitrary code.
==SYSTEMS AFFECTED==
* X.Org, Xserver, 1.4 and previous
* X.Org, XInput
==DETAILS==
Multiple memory corruption vulnerabilities exist in the X.Org X server. They can be exploited locally, possibly allowing attackers to execute arbitrary code with the X server's privileges. The X server typically runs with root privileges.
(See resources section for full details of each vulnerability.)
The XInput extension's code contains vulnerabilities in multiple functions. An attacker can exploit these vulnerabilities by sending specially crafted X11 requests, which can allow the attacker to corrupt heap memory that is located after the attacker's request data.
(See resources section for full details of each vulnerability.)
==SOLUTIONS==
A fix for a select few of these vulnerabilities will be included in X.Org X server version 1.4.1. The other vulnerabilities are addressed via patches for X server versions 1.2 and 1.4, which are currently available.
(See X.Org Advisory link in the resources section for the patch locations.)
==FURTHER INFORMATION AND RESOURCES==
X.Org Security Advisory: multiple vulnerabilities in the X server
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html
CVE-2007-5760
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5760
CVE-2007-5958
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5958
CVE-2007-6427
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6427
CVE-2007-6428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6428
CVE-2007-6429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6429
CVE-2008-0006
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0006
iDefense Labs Public Advisory: 01.17.08
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=643
==STEAM-CIRT CONTACT INFORMATION==
For questions concerning this advisory, please send email to:
itap-securityhelp@purdue.edu.
Report computer-related abuse to STEAM-CIRT:
http://www.purdue.edu/securePurdue/incidentReportForm.cfm
http://www.purdue.edu/securepurdue/steam
Posted by Kitch Spicer on January 23, 2008, in Advisory Alerts.