|
Message-ID: <4F8F22B3.4020100@redhat.com> Date: Wed, 18 Apr 2012 14:23:15 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: Kees Cook <keescook@...omium.org> Subject: Re: CVE request: Xorg input device format string flaw -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/18/2012 01:28 PM, Kees Cook wrote: > Hello, > > Adding an input device with a malicious name can trigger a format > string flaw in Xorg's logging subsystem. For builds of Xorg > lacking -D_FORTIFY_SOURCE=2 (or 32-bit systems lacking the fix to > fortify[1]) this can lead to arbitrary code execution as the Xorg > user, usually root. When built with fortify, this is a denial of > service, since Xorg will abort. > > Proposed solution patch series can be found here: 1/4 > http://patchwork.freedesktop.org/patch/10000/ 2/4 > http://patchwork.freedesktop.org/patch/9998/ 3/4 > http://patchwork.freedesktop.org/patch/9999/ 4/4 > http://patchwork.freedesktop.org/patch/10001/ > > -Kees > > [1] > http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7c1f4834d398163d1ac8101e35e9c36fc3176e6e So > are you asking for just the device name issue covered in http://patchwork.freedesktop.org/patch/10001/ or something additional? E.g. the logging shenanigans in http://patchwork.freedesktop.org/patch/9999/ ? - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPjyKzAAoJEBYNRVNeJnmTZIIQAIDlcZialKVe7hRljmOYQ/dw Gi+0mUR7vGe1hY4gFqoYjQfqsdOgQhHdfAU2j2l/BYJTwRpgAqs3ZcBLkCPsHWem 1dR1ZCpCyOIMu5GJE+bxD9kb8GQIABIaQeOfRv6GYedCr0b3rvEbnAHYgRD2N92r tjmtYcyoEkF8OtdzhOGZGdtyvLqJ0as90B3gISZO0lqO9uniyDKQDfUHj7/RW0ad uX5F3cylWY6Moi5NO2I7BprqKa4ulOTABDpHVZ8JR4RVI1qeSsPwiAq6tqI+dRg0 TCkYfQs+XHoKlAUx4azta0ts4WYQP67dx9wwR94vaHQtE0JdkYTYJEjBJTNlqODL jdvHJynanmHT+6OdOaQ+RGH2UTPo6ELl16eRW6PAd56HWuXq+wzJ7ZmiKI55EwU3 NgHLSWTRpgrjPQu50ZMCZu2mIqzooab09w2FJdhElAkYUNOfxOhGVX7SMo1S5S98 /1fRRu8qIanKz3TOIg1UvoYlsmhkPmzkODvQwYm8RVG9A/C7epud8Cesxe5+yzYQ 0otI1yIUcZe7jZ/zCEzafVcQbKKsoSmp1cbGwZGQGD0toYe0smU3bEoISn7m3ZmF eXj7jNn9F2tEA/KpkzIjlC2kLXe3yB4EjLb9Vr6tGtaX1SkuEKg3ip2JL7DNRsrt kUOuXzYUeVpUpu8Pvax4 =0t86 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.