SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Xserver Vendors:   X.org
(NetBSD Issues Fix) Xserver Use-After-Free in Processing ImageText Requests Lets Remote Authenticated Users Deny Service
SecurityTracker Alert ID:  1029335
SecurityTracker URL:  http://securitytracker.com/id/1029335
CVE Reference:   CVE-2013-4396   (Links to External Site)
Date:  Nov 13 2013
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Xserver. A remote authenticated user can cause denial of service conditions.

A remote authenticated X client can trigger a use-after-free memory error in the processing of ImageText requests to cause the target X server to crash.

Pedro Ribeiro reported this vulnerability.

Impact:   A remote authenticated user can cause the target X server to crash.
Solution:   NetBSD has issued a fix.

The NetBSD advisory is available at:

http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-010.txt.asc

Vendor URL:  x.org/ (Links to External Site)
Cause:   Access control error
Underlying OS:  UNIX (NetBSD)
Underlying OS Comments:  5.1, 5.2, 6.0, 6.1

Message History:   This archive entry is a follow-up to the message listed below.
Oct 8 2013 Xserver Use-After-Free in Processing ImageText Requests Lets Remote Authenticated Users Deny Service



 Source Message Contents

Subject:  NetBSD Security Advisory 2013-010: Use after free in Xserver handling of ImageText requests

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		NetBSD Security Advisory 2013-010
		=================================

Topic:		Use after free in Xserver handling of ImageText requests


Version:	NetBSD-current:		source prior to Oct 8th, 2013
		NetBSD 6.1 - 6.1.2:	affected
		NetBSD 6.0 - 6.0.3:	affected
		NetBSD 5.1 - 5.1.2:	affected
		NetBSD 5.2:		affected

Severity:	DoS, potential Code Execution

Fixed:		NetBSD-current:		Oct 8th, 2013
		NetBSD-6-0 branch:	Oct 12th, 2013
		NetBSD-6-1 branch:	Oct 12th, 2013
		NetBSD-6 branch:	Oct 12th, 2013
		NetBSD-5-2 branch:	Oct 13th, 2013
		NetBSD-5-1 branch:	Oct 13th, 2013
		NetBSD-5 branch:	Oct 13th, 2013

Teeny versions released later than the fix date will contain the fix.

Please note that NetBSD releases prior to 5.1 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

An authenticated X11 client can cause an X11 server to use memory after
it was freed, potentially leading to a crash and/or memory corruption.

This vulnerability has been assigned CVE-2013-4396.


Technical Details
=================

A use-after-free vulnerability in the doImageText function in
dix/dixfonts.c in the X server allows remote authenticated users
to cause a denial of service or to conceivably execute arbitrary
code via a crafted ImageText request that triggers memory-allocation
failure.

The error was present in X11R6, and thus is in both XFree and Xorg.


Solutions and Workarounds
=========================

Workaround: don't let untrustworthy clients (i.e. both other networked
servers and clients as well as graphical programs) attach to your X11
server.

Solutions:

- - Update the Xserver from a daily build later than the fix date:
  fetch from
  http://nyftp.NetBSD.org/pub/NetBSD-daily/<branch>/<date>/<arch>/
  the file binary/sets/xserver.tgz

  cd / && tar xzpf <path/to/xserver.tgz>

- - rebuild your system with the fix applied:

  Files to fix are:
  XFree: 	xsrc/xfree/xc/programs/Xserver/dix/dixfonts.c
  XOrg:		xsrc/external/mit/xorg-server/dist/dix/dixfonts.c
  
  Xorg fixed versions are:
  HEAD		1.2
  netbsd-6	1.1.1.5.2.1
  netbsd-6-1	1.1.1.5.6.1
  netbsd-6-0	1.1.1.5.4.1
  netbsd-5	1.1.1.1.2.2
  netbsd-5-2	1.1.1.1.2.1.4.1
  netbsd-5-1	1.1.1.1.2.1.2.1
  
  Xfree fixed versions are:
  HEAD		1.4
  netbsd-6	1.3.2.1
  netbsd-6-1	1.3.6.1
  netbsd-6-0	1.3.4.1
  netbsd-5	1.2.8.1
  netbsd-5-2	1.2.14.1
  netbsd-5-1	1.2.12.1

  Don't forget the -x argument for build.sh.


Thanks To
=========

Thanks to X.Org for their advisory, which this one liberally derives
from.


Revision History
================

	2013-11-13	Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at 
  http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-010.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .


Copyright 2013, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2013-010.txt,v 1.2 2013/11/13 00:44:05 tonnerre Exp $

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (NetBSD)

iQIcBAEBAgAGBQJSgstiAAoJEAZJc6xMSnBu9IcP/AhWZhOeFqW+InE8k3AmM9Lk
ZagmXSi7WUt9TQq5Z8/MFGCFpT/rbfsXJmo0t2b6yJZXc7u5zAn689QMU7Dapqnl
SwXDLwYnGwjfQW7D+0XwBqBZ/u5Qeg4q0jAgydMYaKOt0R6nULJR+y4I3wgsUpcT
mHogImFBd2Czhg3aIzmyYa/81oK6MRsNw3hHM+rYGldH5ulb3h3qbl/7nCCZMqLW
PojD9jMpzj/qfneNSDSYPA2pb1UbkPAXzdynw8pvdd2kKFspj/Li/fcXE4Pilj0M
5S+e69kK/dPl6JPjcH4FGzVVILZzJYL7JWoMJbi0xP5O9zLBJm0uk0VV1CyN5Awz
7mimttl3Ee+S5YcRi6Dp1yDI/0va9QTj4PBLMpJUmPSweMdftwZzzIwifMdyqwCZ
KiGVHR2MtKyuHiBy2dN6FYvle1hOVOrSWb5fQ8Grahi7/2anITCC5g+q0Br82Ujl
YkitMbSAyB7v4KXGBjUJ99hEAFFHWvansZKT2wZxzCKeY/rx+kGhwbzUmlT/y5U0
b3XmwhpXllTeaOVlY75TROtrJUcOLo7FfoP1lcMyBsr/1BtCOtL3lQAhAzI43l0D
HAx8DwBf79/tBgBNBc7w8JLZO5ZViycyWoTqcRE1b4TN7ODZMCrKvhAnlONUTDU7
9w9CJUE8bWxllg8Cfuhf
=WHDD
-----END PGP SIGNATURE-----
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC