A new X.Org security hole

There is a vulnerability in the X.Org server; it is a buffer overflow which can enable local root access by way of an X client. If you allow access to your X server from the net as a whole, this could be a remote root vulnerability - but, presumably, nobody has done that for years. As of this writing, updates are available from Gentoo, Mandriva, and SUSE; see the LWN vulnerability entry for the current list.

Note that this is not the vulnerability so loudly proclaimed recently by Coverity. That is an older bug which LWN readers knew about last March.


A new X.Org security hole

Posted May 4, 2006 18:57 UTC (Thu) by s_cargo (guest, #10473)

"If you allow access to your X server from the net as a whole, ... but, presumably, nobody has done that for years"
I think maybe I'll open up my X server to the whole net, but only for anyone that wants to pop up an xterm. ;-)

A new X.Org security hole

Posted May 5, 2006 7:25 UTC (Fri) by tarjeih (guest, #37566)

Although most people do not keep open sockets, this is a very serious security hole for anyone running a set of publicly accessible Linux boxen - for example, universities.

It should not be viewed as "non-lethal" just because it is not dangerous unless you run a multiuser Linux system - isn't that what we want people to be doing?

Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.