>
>
> TITLE:
> X.Org X11 Render Extension Buffer Overflow Vulnerability
>
> SECUNIA ADVISORY ID:
> SA19900
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/19900/
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> DoS, System access
>
> WHERE:
> From local network
>
> SOFTWARE:
> X Window System 11 (X11) 6.x
> http://secunia.com/product/3913/
> X Window System 11 (X11) 7.x
> http://secunia.com/product/8806/
>
> DESCRIPTION:
> A vulnerability has been reported in X11, which can be exploited by
> malicious people to cause a DoS (Denial of Service) and potentially
> compromise a vulnerable system.
>
> The vulnerability is caused due to a buffer size calculation error
> within the XRender extension triangle handling code. This can be
> exploited by a client that is authorised to connect to the X server
> to cause a buffer overflow.
>
> Successful exploitation may allow arbitrary code execution.
>
> The vulnerability has been reported in X11R6.8.x, X11R6.9.0, and
> X11R7.0 (xorg-server 1.0.x).
>
> SOLUTION:
> Apply patch.
>
> -- X.Org Server (X11R7.0) --
>
> http://xorg.freedesktop.org/releases/X11R7.0/patches/xorg-server-1.0.x-mitri.diff
>
> MD5: 9a9356f86fe2c10985f1008d459fb272
> SHA1: d6eba2bddac69f12f21785ea94397b206727ba93
>
> -- X.Org Server (X11R6.9.0) --
>
> http://xorg.freedesktop.org/releases/X11R6.9.0/patches/x11r6.9.0-mitri.diff
>
> MD5: d666925bfe3d76156c399091578579ae
> SHA1: 3d9da8bb9b28957c464d28ea194d5df50e2a3e5c
>
> -- X.Org Server (X11R6.8.2) --
>
> http://xorg.freedesktop.org/releases/X11R6.8.2/patches/xorg-68x-CAN-2006-1526.patch
>
> MD5: d5b46469a65972786b57ed2b010c3eb2
> SHA1: f764a77a0da4e3af88561805c5c8e28d5c5b3058
>
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
>
> ORIGINAL ADVISORY:
> http://lists.freedesktop.org/archives/xorg/2006-May/015136.html
>
>
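
The digests in the SOLUTION section only help if they are checked before a patch is applied. As an added example (not part of the quoted advisory), this Python script checks a downloaded patch file against both the MD5 and SHA1 values listed above; the function names and the script name `verify_patch.py` are assumptions.

```python
import hashlib
import hmac
import os
import sys

# Digests copied from the advisory text above, keyed by patch file name.
ADVISORY_DIGESTS = {
    "xorg-server-1.0.x-mitri.diff": {
        "md5": "9a9356f86fe2c10985f1008d459fb272",
        "sha1": "d6eba2bddac69f12f21785ea94397b206727ba93",
    },
    "x11r6.9.0-mitri.diff": {
        "md5": "d666925bfe3d76156c399091578579ae",
        "sha1": "3d9da8bb9b28957c464d28ea194d5df50e2a3e5c",
    },
    "xorg-68x-CAN-2006-1526.patch": {
        "md5": "d5b46469a65972786b57ed2b010c3eb2",
        "sha1": "f764a77a0da4e3af88561805c5c8e28d5c5b3058",
    },
}


def file_digests(path, algorithms=("md5", "sha1"), chunk_size=65536):
    """Read the file once, feeding every chunk to all requested hashes."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_patch(path, expected):
    """Return the algorithms whose digest does NOT match `expected`."""
    actual = file_digests(path, tuple(expected))
    return [
        name for name, want in expected.items()
        if not hmac.compare_digest(actual[name], want.strip().lower())
    ]


# Usage (script name is an assumption): python verify_patch.py <patch file>
if __name__ == "__main__" and len(sys.argv) == 2:
    name = os.path.basename(sys.argv[1])
    bad = verify_patch(sys.argv[1], ADVISORY_DIGESTS[name])  # KeyError: not listed
    if bad:
        sys.exit(f"{name}: digest mismatch ({', '.join(bad)}); do not apply")
    print(f"{name}: MD5 and SHA1 match the advisory")
```

The file must keep the name used in the advisory URL so the lookup finds the right pair of digests; a file that fails either check should be re-downloaded rather than applied.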