Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
X Bug Security

23-Year-Old X11 Server Security Vulnerability Discovered 213

An anonymous reader writes "The recent report of X11/X.Org security in bad shape rings more truth today. The X.Org Foundation announced today that they've found a X11 security issue that dates back to 1991. The issue is a possible stack buffer overflow that could lead to privilege escalation to root and affects all versions of the X Server back to X11R5. After the vulnerability being in the code-base for 23 years, it was finally uncovered via the automated cppcheck static analysis utility." There's a scanf used when loading BDF fonts that can overflow using a carefully crafted font. Watch out for those obsolete early-90s bitmap fonts.
This discussion has been archived. No new comments can be posted.

23-Year-Old X11 Server Security Vulnerability Discovered

Comments Filter:
  • by Anonymous Coward on Wednesday January 08, 2014 @11:20AM (#45897747)

    When was the last time you installed a "specially crafted" bdf font from anywhere?

    There are *much* worse actual security problems than this one, which in practice, wasn't much of a problem in its day several decades ago, and isn't a problem now...

    What's good is that the tools keep improving, and exposing problems...

    I sure wish Slashdot's editors would actually apply their brains to submissions, rather than cluttering up slashdot with things that aren't important; there will be security reports that actually matter for people to pay attention to....

  • by NoNonAlphaCharsHere ( 2201864 ) on Wednesday January 08, 2014 @11:26AM (#45897811)
    Granted, there aren't a lot of people going to scurry off and "carefully craft" a font in an obsolete format for a new 0-day 'sploit. Actually, it's the "23-years old" and "discovered by a (new) automated test" parts that are interesting. Possibly even slashworthy.

Man is an animal that makes bargains: no other animal does this-- no dog exchanges bones with another. -- Adam Smith