input device names used in logging format strings
Bug #996250 reported by
Kees Cook
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
xorg-server (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
Hardy |
Won't Fix
|
Undecided
|
Unassigned | ||
Lucid |
Invalid
|
Low
|
Unassigned | ||
Natty |
Won't Fix
|
Low
|
Steve Beattie | ||
Oneiric |
Won't Fix
|
Low
|
Steve Beattie | ||
Precise |
Fix Released
|
Low
|
Steve Beattie | ||
Quantal |
Fix Released
|
Low
|
Unassigned |
Bug Description
Attaching devices with "%n" in their names will crash Xorg.
Related branches
CVE References
tags: | added: patch |
Changed in xorg-server (Ubuntu Lucid): | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in xorg-server (Ubuntu Natty): | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in xorg-server (Ubuntu Oneiric): | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in xorg-server (Ubuntu Precise): | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in xorg-server (Ubuntu Quantal): | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in xorg-server (Ubuntu Hardy): | |
status: | New → Won't Fix |
Changed in xorg-server (Ubuntu Quantal): | |
status: | Confirmed → Fix Released |
Changed in xorg-server (Ubuntu Natty): | |
assignee: | nobody → Steve Beattie (sbeattie) |
Changed in xorg-server (Ubuntu Oneiric): | |
assignee: | nobody → Steve Beattie (sbeattie) |
Changed in xorg-server (Ubuntu Precise): | |
assignee: | nobody → Steve Beattie (sbeattie) |
Changed in xorg-server (Ubuntu Natty): | |
status: | Confirmed → In Progress |
Changed in xorg-server (Ubuntu Oneiric): | |
status: | Confirmed → In Progress |
Changed in xorg-server (Ubuntu Precise): | |
status: | Confirmed → In Progress |
To post a comment you must log in.
Adding an input device with a malicious name can trigger a format
string flaw in Xorg's logging subsystem. For builds of Xorg lacking
-D_FORTIFY_SOURCE=2 (or 32-bit systems lacking the fix to fortify[1])
this can lead to arbitrary code execution as the Xorg user, usually
root. When built with fortify, this is a denial of service, since Xorg
will abort.
Proposed solution patch series can be found here: patchwork. freedesktop. org/patch/ 10000/ patchwork. freedesktop. org/patch/ 9998/ patchwork. freedesktop. org/patch/ 9999/ patchwork. freedesktop. org/patch/ 10001/
1/4 http://
2/4 http://
3/4 http://
4/4 http://
-Kees
[1] http:// sourceware. org/git/ ?p=glibc. git;a=commitdif f;h=7c1f4834d39 8163d1ac8101e35 e9c36fc3176e6e