23-Year-Old X11 Server Security Vulnerability Discovered 213
An anonymous reader writes "The recent report of X11/X.Org security in bad shape rings more truth today. The X.Org Foundation announced today that they've found a X11 security issue that dates back to 1991. The issue is a possible stack buffer overflow that could lead to privilege escalation to root and affects all versions of the X Server back to X11R5. After the vulnerability being in the code-base for 23 years, it was finally uncovered via the automated cppcheck static analysis utility."
There's a scanf used when loading BDF fonts that can overflow using a carefully crafted font. Watch out for those obsolete early-90s bitmap fonts.
Re:Many eyes... (Score:5, Funny)
With enough Perl, all eyes are bleeding.
Re:Many eyes... (Score:5, Funny)
Let's see if that's true:
print "$#_ [@_]\n\n";
GAAAAAAAHHHHH!!!!!
OK, point taken.
Go ahead, just TRY a buffer overflow on my VAX (Score:5, Funny)
I'm running OpenBSD on my VAX. Go ahead. Try to exploit a buffer overflow on my home VAX cluster. If you can, then you deserve a prize because you've learned VAX machine code.
Re:Go ahead, just TRY a buffer overflow on my VAX (Score:4, Funny)
I'm tempted but the carbon footprint of the resulting 0wnage would probably be too great.
Re:Go ahead, just TRY a buffer overflow on my VAX (Score:4, Funny)
Just buy some carbon credits and you'll be back in the green.