(NetBSD Issues Fix) Xserver Use-After-Free in Processing ImageText Requests Lets Remote Authenticated Users Deny Service
SecurityTracker Alert ID: 1029335
SecurityTracker URL: http://securitytracker.com/id/1029335
Date: Nov 13 2013
Impact: Denial of service via network
Fix Available: Yes  Vendor Confirmed: Yes
A vulnerability was reported in Xserver. A remote authenticated user can cause denial of service conditions.
A remote authenticated X client can trigger a use-after-free memory error in the processing of ImageText requests to cause the target X server to crash.
Pedro Ribeiro reported this vulnerability.
A remote authenticated user can cause the target X server to crash.
NetBSD has issued a fix.
The NetBSD advisory is available at:
Vendor URL: x.org/
Cause: Access control error
Underlying OS: UNIX (NetBSD)
Underlying OS Comments: 5.1, 5.2, 6.0, 6.1
This archive entry is a follow-up to the message listed below.
Source Message Contents
Subject: NetBSD Security Advisory 2013-010: Use after free in Xserver handling of ImageText requests
-----BEGIN PGP SIGNED MESSAGE-----
NetBSD Security Advisory 2013-010
Topic: Use after free in Xserver handling of ImageText requests
Versions affected: NetBSD-current: source prior to Oct 8th, 2013
NetBSD 6.1 - 6.1.2: affected
NetBSD 6.0 - 6.0.3: affected
NetBSD 5.1 - 5.1.2: affected
NetBSD 5.2: affected
Severity: DoS, potential Code Execution
Fixed: NetBSD-current: Oct 8th, 2013
NetBSD-6-0 branch: Oct 12th, 2013
NetBSD-6-1 branch: Oct 12th, 2013
NetBSD-6 branch: Oct 12th, 2013
NetBSD-5-2 branch: Oct 13th, 2013
NetBSD-5-1 branch: Oct 13th, 2013
NetBSD-5 branch: Oct 13th, 2013
Teeny versions released later than the fix date will contain the fix.
Please note that NetBSD releases prior to 5.1 are no longer supported.
It is recommended that all users upgrade to a supported release.
An authenticated X11 client can cause an X11 server to use memory after
it was freed, potentially leading to a crash and/or memory corruption.
This vulnerability has been assigned CVE-2013-4396.
A use-after-free vulnerability in the doImageText function in
dix/dixfonts.c in the X server allows remote authenticated users
to cause a denial of service or to conceivably execute arbitrary
code via a crafted ImageText request that triggers memory-allocation
The error was present in X11R6, and thus is in both XFree and Xorg.
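As an added illustration (not NetBSD's or X.Org's code, and not the patched dix/dixfonts.c itself), the C program below models the failure mode the advisory describes: when a request has to sleep, the server replaces the caller's closure pointer with a private copy; if the copy's data buffer cannot be allocated, the copy is freed, and the shared cleanup path then dereferences the stale pointer. The struct layout, the field and function names, and the fault-injecting allocator are assumptions made for this example. The hardened variant shows one correct remedy, pointing the pointer back at the caller-owned closure before jumping to the cleanup label, rather than a verbatim copy of the upstream patch.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* X11 protocol error codes, with the values X.h assigns them. */
#define Success  0
#define BadAlloc 11

/* Cut-down stand-in for the X server's ITclosureRec (constructed for this example). */
typedef struct {
    int   client;     /* stands in for the ClientPtr */
    int   nChars;
    int   itemSize;
    char *data;       /* request text; a private copy once the client has been put to sleep */
    int   slept;
    int   err_sent;   /* error code delivered to the client at bail, Success if none */
} ITclosureRec, *ITclosurePtr;

enum { NORMAL = 0, START_SLEEP = 1 };

/* Fault injection so the allocation-failure path can be driven deterministically:
 * the fail_at-th call to xalloc (counting from 0) returns NULL; -1 never fails. */
static int alloc_fail_at = -1;
static int alloc_calls = 0;
void xalloc_fail_at(int fail_at) { alloc_fail_at = fail_at; alloc_calls = 0; }
static void *xalloc(size_t n) { return (alloc_calls++ == alloc_fail_at) ? NULL : malloc(n); }

/* Vulnerable shape. When the request must sleep (START_SLEEP) a private copy of the closure
 * replaces the caller's pointer. If the copy's data buffer cannot be allocated the copy is
 * freed, yet the shared bail path still dereferences c. Kept for reading only: calling it
 * with the second allocation failing is a use-after-free (ASan reports heap-use-after-free). */
int do_image_text_vulnerable(ITclosurePtr c, int client_state) {
    int err = Success;
    if (client_state == START_SLEEP) {
        ITclosurePtr oc = c;
        c = xalloc(sizeof(ITclosureRec));
        if (!c) { err = BadAlloc; goto bail; }              /* c is NULL when bail runs */
        *c = *oc;
        c->data = xalloc((size_t) c->nChars * c->itemSize);
        if (!c->data) {
            free(c);                                         /* freed here ... */
            err = BadAlloc;
            goto bail;                                       /* ... and read again below */
        }
        memcpy(c->data, oc->data, (size_t) c->nChars * c->itemSize);
        c->slept = 1;
    }
bail:
    if (err != Success)
        c->err_sent = err;            /* SendErrorToClient(c->client, ...) in the real server */
    if (c->slept) { free(c->data); free(c); }
    return err;
}

/* Hardened shape: on either allocation failure, point c back at the caller-owned closure
 * before jumping to bail, so the cleanup path only ever touches live memory. */
int do_image_text_fixed(ITclosurePtr c, int client_state) {
    int err = Success;
    if (client_state == START_SLEEP) {
        ITclosurePtr old_closure = c;
        c = xalloc(sizeof(ITclosureRec));
        if (!c) { c = old_closure; err = BadAlloc; goto bail; }
        *c = *old_closure;
        c->data = xalloc((size_t) c->nChars * c->itemSize);
        if (!c->data) {
            free(c);
            c = old_closure;          /* the fix: report through the original, still-live closure */
            err = BadAlloc;
            goto bail;
        }
        memcpy(c->data, old_closure->data, (size_t) c->nChars * c->itemSize);
        c->slept = 1;
    }
bail:
    if (err != Success)
        c->err_sent = err;
    if (c->slept) { free(c->data); free(c); }
    return err;
}

/* Drive the hardened version under fault injection. fail_at selects which allocation
 * returns NULL (0 = closure copy, 1 = data buffer, -1 = none). Returns the protocol error
 * the caller's closure ends up carrying, or -1 if that closure was disturbed in any other way. */
int run_fixed(int fail_at) {
    char text[] = "ImageText8";                  /* constructed request payload */
    ITclosureRec req = { 1, (int) sizeof text, 1, text, 0, Success };
    xalloc_fail_at(fail_at);
    int err = do_image_text_fixed(&req, START_SLEEP);
    if (req.slept != 0 || req.err_sent != err) return -1;
    return err;
}

int main(void) {
    printf("no failure: %d, closure copy fails: %d, data buffer fails: %d\n",
           run_fixed(-1), run_fixed(0), run_fixed(1));
    return 0;
}
```

Under both injected failures the hardened function returns BadAlloc and delivers the error through the original closure, which is still valid. The vulnerable function is deliberately not driven by the program; building it with `-fsanitize=address` and calling it with the data allocation failing is the quickest way to see the stale read at the bail label flagged, and the same check applies to any code that shares a cleanup label between a "copy succeeded" and a "copy freed" path.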
Solutions and Workarounds
Workaround: don't let untrustworthy clients (i.e. both other networked
servers and clients as well as graphical programs) attach to your X11
- Update the Xserver from a daily build later than the fix date: fetch
  the file binary/sets/xserver.tgz for your release and extract it over
  the installed system:
    cd / && tar xzpf <path/to/xserver.tgz>
- rebuild your system with the fix applied:
Files to fix are:
Xorg fixed versions are:
Xfree fixed versions are:
Don't forget the -x argument for build.sh (it sets MKX11=yes so that X11 is built from xsrc; without it the rebuilt system does not include the fixed Xserver).
Thanks to X.Org for their advisory, which this one liberally derives
2013-11-13 Initial release
Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .
Copyright 2013, The NetBSD Foundation, Inc. All Rights Reserved.
Redistribution permitted only in full, unmodified form.
$NetBSD: NetBSD-SA2013-010.txt,v 1.2 2013/11/13 00:44:05 tonnerre Exp $
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (NetBSD)
-----END PGP SIGNATURE-----