x11vnc terminated due to buffer overflow
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
x11vnc-xinetd | Fix Released | Unknown | |
x11vnc (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
Ubuntu 13.04, up to date.
I copy the .Xauthority file to a separate location and give it correct permissions. Then, using su with the user owning .Xauthority, I connect via VNC. It is stable. Until I try to connect with remmina. I get an instant buffer overflow.
I also tried UltraVNC viewer (Windows), same result.
root@Delta:~# su -c "x11vnc -rfbport 57090 -display WAIT::0 -auth "$XAUTHORITY_VNC" -forever -shared -noremote" nobody
01/05/2013 11:20:43 x11vnc version: 0.9.13 lastmod: 2011-08-10 pid: 15126
01/05/2013 11:20:43
01/05/2013 11:20:43 wait_for_client: WAIT::0
01/05/2013 11:20:43
01/05/2013 11:20:43 initialize_screen: fb_depth/
01/05/2013 11:20:43
01/05/2013 11:20:43 Listening for VNC connections on TCP port 57090
01/05/2013 11:20:43 rfbListenOnTCP6
01/05/2013 11:20:43 listen6: socket: Address family not supported by protocol
01/05/2013 11:20:43 (Ignore the above error if this system is IPv4-only.)
01/05/2013 11:20:43 Not listening on IPv6 interface.
01/05/2013 11:20:43
The VNC desktop is: Delta:51190
01/05/2013 11:20:43 possible aliases: Delta:57090, Delta::57090
PORT=57090
*** buffer overflow detected ***: x11vnc terminated
======= Backtrace: =========
/lib/i386-
/lib/i386-
/lib/i386-
/usr/lib/
/usr/lib/
/usr/lib/
x11vnc[0x80f2a39]
x11vnc[0x80d67f1]
x11vnc[0x8056db1]
/lib/i386-
x11vnc[0x80632f5]
======= Memory map: ========
08048000-08194000 r-xp 00000000 08:02 32610 /usr/bin/x11vnc
08194000-08195000 r--p 0014b000 08:02 32610 /usr/bin/x11vnc
08195000-081da000 rw-p 0014c000 08:02 32610 /usr/bin/x11vnc
081da000-083b5000 rw-p 00000000 00:00 0
0a302000-0a323000 rw-p 00000000 00:00 0 [heap]
b6dc3000-b6dde000 r-xp 00000000 08:02 168 /lib/i386-
b6dde000-b6ddf000 r--p 0001a000 08:02 168 /lib/i386-
b6ddf000-b6de0000 rw-p 0001b000 08:02 168 /lib/i386-
b6df3000-b6f24000 rw-p 00000000 00:00 0
b6f24000-b6f2b000 r-xp 00000000 08:02 237 /lib/i386-
b6f2b000-b6f2c000 r--p 00006000 08:02 237 /lib/i386-
b6f2c000-b6f2d000 rw-p 00007000 08:02 237 /lib/i386-
b6f2d000-b6f2e000 rw-p 00000000 00:00 0
b6f2e000-b6f33000 r-xp 00000000 08:02 22616 /usr/lib/
b6f33000-b6f34000 r--p 00004000 08:02 22616 /usr/lib/
b6f34000-b6f35000 rw-p 00005000 08:02 22616 /usr/lib/
b6f35000-b6f37000 r-xp 00000000 08:02 22614 /usr/lib/
b6f37000-b6f38000 r--p 00001000 08:02 22614 /usr/lib/
b6f38000-b6f39000 rw-p 00002000 08:02 22614 /usr/lib/
b6f39000-b6f4b000 r-xp 00000000 08:02 22515 /usr/lib/
b6f4b000-b6f4c000 r--p 00011000 08:02 22515 /usr/lib/
b6f4c000-b6f4d000 rw-p 00012000 08:02 22515 /usr/lib/
b6f4d000-b6f5d000 r-xp 00000000 08:02 22517 /usr/lib/
b6f5d000-b6f5e000 r--p 0000f000 08:02 22517 /usr/lib/
b6f5e000-b6f5f000 rw-p 00010000 08:02 22517 /usr/lib/
b6f5f000-b6f62000 r-xp 00000000 08:02 22511 /lib/i386-
b6f62000-b6f63000 r--p 00002000 08:02 22511 /lib/i386-
b6f63000-b6f64000 rw-p 00003000 08:02 22511 /lib/i386-
b6f64000-b6f65000 rw-p 00000000 00:00 0
b6f65000-b6fad000 r-xp 00000000 08:02 158 /lib/i386-
b6fad000-b6fae000 r--p 00047000 08:02 158 /lib/i386-
b6fae000-b6faf000 rw-p 00048000 08:02 158 /lib/i386-
b6faf000-b6fcf000 r-xp 00000000 08:02 22618 /usr/lib/
b6fcf000-b6fd0000 r--p 0001f000 08:02 22618 /usr/lib/
b6fd0000-b6fd1000 rw-p 00020000 08:02 22618 /usr/lib/
b6fd1000-b6fd9000 r-xp 00000000 08:02 25560 /usr/lib/
b6fd9000-b6fda000 r--p 00007000 08:02 25560 /usr/lib/
b6fda000-b6fdb000 rw-p 00008000 08:02 25560 /usr/lib/
b6fdb000-b6fde000 r-xp 00000000 08:02 160 /lib/i386-
b6fde000-b6fdf000 r--p 00002000 08:02 160 /lib/i386-
b6fdf000-b6fe0000 rw-p 00003000 08:02 160 /lib/i386-
b6fe0000-b70a0000 r-xp 00000000 08:02 22520 /usr/lib/
b70a0000-b70a4000 r--p 000bf000 08:02 22520 /usr/lib/
b70a4000-b70a5000 rw-p 000c3000 08:02 22520 /usr/lib/
b70a5000-b70a6000 rw-p 00000000 00:00 0
b70a6000-b7127000 r-xp 00000000 08:02 22513 /lib/i386-
b7127000-b7128000 r--p 00080000 08:02 22513 /lib/i386-
b7128000-b712a000 rw-p 00081000 08:02 22513 /lib/i386-
b712a000-b713d000 r-xp 00000000 08:02 235 /lib/i386-
b713d000-b713e000 r--p 00013000 08:02 235 /lib/i386-
b713e000-b713f000 rw-p 00014000 08:02 235 /lib/i386-
b713f000-b7141000 rw-p 00000000 00:00 0
b7141000-b7186000 r-xp 00000000 08:02 25584 /usr/lib/
b7186000-b7187000 r--p 00044000 08:02 25584 /usr/lib/
b7187000-b7188000 rw-p 00045000 08:02 25584 /usr/lib/
b7188000-b7198000 rw-p 00000000 00:00 0
b7198000-b71af000 r-xp 00000000 08:02 259 /lib/i386-
b71af000-b71b0000 r--p 00016000 08:02 259 /lib/i386-
b71b0000-b71b1000 rw-p 00017000 08:02 259 /lib/i386-
b71b1000-b735e000 r-xp 00000000 08:02 146 /lib/i386-
b735e000-b7360000 r--p 001ad000 08:02 146 /lib/i386-
b7360000-b7361000 rw-p 001af000 08:02 146 /lib/i386-
b7361000-b7365000 rw-p 00000000 00:00 0
b7365000-b7375000 r-xp 00000000 08:02 25528 /usr/lib/
b7375000-b7376000 r--p 0000f000 08:02 25528 /usr/lib/
b7376000-b7377000 rw-p 00010000 08:02 25528 /usr/lib/
b7377000-b7383000 r-xp 00000000 08:02 25521 /usr/lib/
b7383000-b7384000 r--p 0000b000 08:02 25521 /usr/lib/
b7384000-b7385000 rw-p 0000c000 08:02 25521 /usr/lib/
b7385000-b74b7000 r-xp 00000000 08:02 22868 /usr/lib/
b74b7000-b74b8000 r--p 00132000 08:02 22868 /usr/lib/
b74b8000-b74bb000 rw-p 00133000 08:02 22868 /usr/lib/
b74bb000-b74bd000 r-xp 00000000 08:02 25775 /usr/lib/
b74bd000-b74be000 r--p 00001000 08:02 25775 /usr/lib/
b74be000-b74bf000 rw-p 00002000 08:02 25775 /usr/lib/
b74bf000-b74c4000 r-xp 00000000 08:02 25765 /usr/lib/
b74c4000-b74c5000 r--p 00004000 08:02 25765 /usr/lib/
b74c5000-b74c6000 rw-p 00005000 08:02 25765 /usr/lib/
b74c6000-b74c7000 rw-p 00000000 00:00 0
b74c7000-b74d0000 r-xp 00000000 08:02 25787 /usr/lib/
b74d0000-b74d1000 r--p 00008000 08:02 25787 /usr/lib/
b74d1000-b74d2000 rw-p 00009000 08:02 25787 /usr/lib/
b74d2000-b74d4000 r-xp 00000000 08:02 25785 /usr/lib/
b74d4000-b74d5000 r--p 00001000 08:02 25785 /usr/lib/
b74d5000-b74d6000 rw-p 00002000 08:02 25785 /usr/lib/
b74d6000-b74e6000 r-xp 00000000 08:02 22870 /usr/lib/
b74e6000-b74e7000 r--p 0000f000 08:02 22870 /usr/lib/
b74e7000-b74e8000 rw-p 00010000 08:02 22870 /usr/lib/
b74e8000-b74ed000 r-xp 00000000 08:02 28097 /usr/lib/
b74ed000-b74ee000 r--p 00004000 08:02 28097 /usr/lib/
b74ee000-b74ef000 rw-p 00005000 08:02 28097 /usr/lib/
b74ef000-b74f8000 r-xp 00000000 08:02 154 /lib/i386-
b74f8000-b74f9000 r--p 00008000 08:02 154 /lib/i386-
b74f9000-b74fa000 rw-p 00009000 08:02 154 /lib/i386-
b74fa000-b7522000 rw-p 00000000 00:00 0
b7522000-b76b4000 r-xp 00000000 08:02 156 /lib/i386-
b76b4000-b76c3000 r--p 00192000 08:02 156 /lib/i386-
b76c3000-b76ca000 rw-p 001a1000 08:02 156 /lib/i386-
b76ca000-b76cd000 rw-p 00000000 00:00 0
b76cd000-b771e000 r-xp 00000000 08:02 245 /lib/i386-
b771e000-b7720000 r--p 00050000 08:02 245 /lib/i386-
b7720000-b7724000 rw-p 00052000 08:02 245 /lib/i386-
b7724000-b773b000 r-xp 00000000 08:02 231 /lib/i386-
b773b000-b773c000 r--p 00016000 08:02 231 /lib/i386-
b773c000-b773d000 rw-p 00017000 08:02 231 /lib/i386-
b773d000-b773f000 rw-p 00000000 00:00 0
b773f000-b775c000 r-xp 00000000 08:02 29590 /usr/lib/
b775c000-b775d000 r--p 0001d000 08:02 29590 /usr/lib/
b775d000-b775e000 rw-p 0001e000 08:02 29590 /usr/lib/
b775e000-b77a6000 r-xp 00000000 08:02 29589 /usr/lib/
b77a6000-b77a7000 r--p 00048000 08:02 29589 /usr/lib/
b77a7000-b77a8000 rw-p 00049000 08:02 29589 /usr/lib/
b77a8000-b77be000 rw-p 00000000 00:00 0
b77cf000-b77d2000 rw-p 00000000 00:00 0
b77d2000-b77d3000 r-xp 00000000 00:00 0 [vdso]
b77d3000-b77f3000 r-xp 00000000 08:02 126 /lib/i386-
b77f3000-b77f4000 r--p 0001f000 08:02 126 /lib/i386-
b77f4000-b77f5000 rw-p 00020000 08:02 126 /lib/i386-
bffdd000-bfffe000 rw-p 00000000 00:00 0 [stack]
caught signal: 6
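The staging steps described in the report (copy the X authority cookie somewhere the unprivileged user can read it, set permissions, then run x11vnc under su), as an added example that is not part of the bug report and not x11vnc's own code. It tightens the cookie copy to mode 0400 owned by the VNC user, since anyone who can read the cookie can connect to the X display, and it quotes the cookie path so a path with spaces survives the su -c string. The helper names stage_xauth, mode_of and x11vnc_cmd are assumptions of this example; it needs root (for chown and su) and an installed x11vnc only when the command is actually launched.

```shell
#!/bin/sh
# Added example, not from the bug report: stage a private copy of the X cookie
# for an unprivileged x11vnc and build the su/x11vnc command line the
# reporter uses.  Assumes POSIX sh and coreutils; x11vnc and root are needed
# only when the built command is actually run.
set -eu

# Copy the X cookie file to a location the target user can read and make it
# readable by that user alone (0400).  Whoever can read the cookie can attach
# to the X display, so this is the tightest mode that still works.
# Arguments: source .Xauthority, destination path, owner (default: nobody).
stage_xauth() {
    src=$1; dst=$2; owner=${3:-nobody}
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    # Subshell so the restrictive umask does not leak into the caller; the copy
    # is never world-readable, not even between cp and chmod.
    ( umask 077; cp "$src" "$dst" )
    chmod 0400 "$dst"
    # chown needs root and an existing target user; otherwise leave the file
    # owned by the caller and say so rather than failing silently.
    if [ "$(id -u)" -eq 0 ] && id "$owner" >/dev/null 2>&1; then
        chown "$owner" "$dst"
    else
        echo "not root or no user $owner: $dst left owned by $(id -un)" >&2
    fi
}

# ls-style mode string of a file, e.g. -r--------.  ls is used because the
# flags of stat(1) differ between GNU and BSD userlands.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Build the reporter's command as one string for su -c.  The -auth value is
# double-quoted inside the single-quoted -c string, so a cookie path with
# spaces stays one argument.  WAIT:<display> makes x11vnc attach lazily.
# Arguments: rfb port, cookie path, X display (default :0), user (default nobody).
x11vnc_cmd() {
    port=$1; auth=$2; display=${3:-:0}; user=${4:-nobody}
    printf "su -c 'x11vnc -rfbport %s -display WAIT:%s -auth \"%s\" -forever -shared -noremote' %s\n" \
        "$port" "$display" "$auth" "$user"
}
```

Typical use as root: `stage_xauth /home/alice/.Xauthority /var/lib/vnc/xauth nobody`, then `sh -c "$(x11vnc_cmd 57090 /var/lib/vnc/xauth)"`; `mode_of /var/lib/vnc/xauth` should print `-r--------` before the server is started.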
Changed in x11vnc-xinetd:
status: Unknown → Fix Released
I noticed that the problem only manifests itself if x11vnc is ./configure'd before compilation with the "--with-system-libvncserver" option. Unfortunately, removing only this ./configure option is not sufficient. One needs to make two other modifications to the debian/rules file.
Recompiling the x11vnc package after patching the debian/rules file with the attached patch produces a working x11vnc binary.