XFree86 Buffer Overflow May Cause Denial of Service Conditions
|
|
SecurityTracker Alert ID: 1002961 |
|
SecurityTracker URL: http://securitytracker.com/id/1002961
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
|
Date: Dec 13 2001
|
Impact:
Denial of service via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
Exploit Included: Yes
|
Version(s): prior to 4.1.0
|
Description:
A buffer overflow vulnerability was reported in XFree86 that may be exploitable by certain applications.
A user reports that K Desktop can be made to crash the X Server. A local user can use the Konqueror web browser with a long input in a search box. When the search is submitted, the X Server will crash. However, the vulnerability lies in XFree86 and not the KDE utilities. The vulnerability is reportedly in the file /xf86/xc/programs/Xserver/fb/fbglyph.c.
|
Impact:
A local user can crash the X server. Other applications that use XFree86 may provide alternate exploit paths.
|
Solution:
The flaw has been fixed in version 4.1.0, available from the Vendor URL.
|
Vendor URL: www.xfree86.org/security/
|
Cause:
Boundary error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Fri, 7 Dec 2001 21:26:53 +0000
Subject: Crashing X
|
I have discovered a little bug in K Desktop 2.1.2 that crashes your X Server.
By using the konqueror web browser and inputting around 9000+ A's (or
whatever) into a search box (for instance www.yahoo.com's web search box) -
this will crash your X environment.
I have successfully done it using 9000 A's on one search box (crashing X
instantly), then I used 90'000 and it also worked - but without immediate
effect (took a few seconds).
It also sometimes seems to work by just pasting 900000 A's into a search box
and before it even displays the A's X crashes. (note: If you want it to
display the A's before X crashes paste 9000, then as soon as you click to
start the search - it's bye bye X).
Sorry but I can only test it on KDE 2.1.2, because I have no other systems
available right now.
By the way:
[smackenz@mainframe smackenz]$ uname -a
Linux mainframe 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknown
(Red Hat 7.1)
(KDE 2.1.2)
(this works in Gnome and KDE using the konqueror web browser)
To test simply use a shell and type:
perl -e 'print "A" x 9000'
Then copy these, and paste them into a search form.
Also I tried this in netscape and it didn't work so it suggests it's a
konqueror error somewhere or other.
Cheers
Scott Mackenzie
|
|