Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 18 Apr 2012 14:23:15 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Kees Cook <keescook@...omium.org>
Subject: Re: CVE request: Xorg input device format string flaw

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/18/2012 01:28 PM, Kees Cook wrote:
> Hello,
> 
> Adding an input device with a malicious name can trigger a format 
> string flaw in Xorg's logging subsystem. For builds of Xorg
> lacking -D_FORTIFY_SOURCE=2 (or 32-bit systems lacking the fix to
> fortify[1]) this can lead to arbitrary code execution as the Xorg
> user, usually root. When built with fortify, this is a denial of
> service, since Xorg will abort.
> 
> Proposed solution patch series can be found here: 1/4
> http://patchwork.freedesktop.org/patch/10000/ 2/4
> http://patchwork.freedesktop.org/patch/9998/ 3/4
> http://patchwork.freedesktop.org/patch/9999/ 4/4
> http://patchwork.freedesktop.org/patch/10001/
> 
> -Kees
> 
> [1]
> http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7c1f4834d398163d1ac8101e35e9c36fc3176e6e

So
> 
are you asking for just the device name issue covered in

http://patchwork.freedesktop.org/patch/10001/

or something additional? E.g. the logging shenanigans in
http://patchwork.freedesktop.org/patch/9999/ ?


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPjyKzAAoJEBYNRVNeJnmTZIIQAIDlcZialKVe7hRljmOYQ/dw
Gi+0mUR7vGe1hY4gFqoYjQfqsdOgQhHdfAU2j2l/BYJTwRpgAqs3ZcBLkCPsHWem
1dR1ZCpCyOIMu5GJE+bxD9kb8GQIABIaQeOfRv6GYedCr0b3rvEbnAHYgRD2N92r
tjmtYcyoEkF8OtdzhOGZGdtyvLqJ0as90B3gISZO0lqO9uniyDKQDfUHj7/RW0ad
uX5F3cylWY6Moi5NO2I7BprqKa4ulOTABDpHVZ8JR4RVI1qeSsPwiAq6tqI+dRg0
TCkYfQs+XHoKlAUx4azta0ts4WYQP67dx9wwR94vaHQtE0JdkYTYJEjBJTNlqODL
jdvHJynanmHT+6OdOaQ+RGH2UTPo6ELl16eRW6PAd56HWuXq+wzJ7ZmiKI55EwU3
NgHLSWTRpgrjPQu50ZMCZu2mIqzooab09w2FJdhElAkYUNOfxOhGVX7SMo1S5S98
/1fRRu8qIanKz3TOIg1UvoYlsmhkPmzkODvQwYm8RVG9A/C7epud8Cesxe5+yzYQ
0otI1yIUcZe7jZ/zCEzafVcQbKKsoSmp1cbGwZGQGD0toYe0smU3bEoISn7m3ZmF
eXj7jNn9F2tEA/KpkzIjlC2kLXe3yB4EjLb9Vr6tGtaX1SkuEKg3ip2JL7DNRsrt
kUOuXzYUeVpUpu8Pvax4
=0t86
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.