Buffer overflows in libXfont

J65nko · #1 **(View Single Post)** 18th March 2015

Quote:

X.Org Security Advisory: March 17, 2015

More BDF file parsing issues in libXfont

Description

Ilja van Sprundel, a security researcher with IOActive, has discovered an issue in the parsing of BDF font files by libXfont. Additional testing by Alan Coopersmith and William Robinet with the American Fuzzy Lop (afl) tool uncovered two more issues in the parsing of BDF font files.

As libXfont is used by the X server to read font files, and an unprivileged user with access to the X server can tell the X server to read a given font file from a path of their choosing, these vulnerabilities have the potential to allow unprivileged users to run code with the privileges of the X server (often root access).

For OpenBSD see libXfont Errata

thirdm · #2 **(View Single Post)** 18th March 2015

This is the same person who found all those Xorg bugs a couple years ago and gave that great talk (with a nod to OpenBSD's X server privilege separation design) at CCC:

http://media.ccc.de/browse/congress/..._sprundel.html

Someone buy the man a beer or three.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
rxvt buffer overflow?	arrow	OpenBSD Security	5	1st October 2014 01:25 PM
VMware patches buffer overflow in legacy products	J65nko	News	0	5th October 2011 11:04 PM
PostgreSQL security update fixes a buffer overrun	J65nko	News	0	1st February 2011 06:37 PM
error: reexec socketpair: No buffer space available	chris	FreeBSD General	3	24th July 2009 08:07 PM
dhcpd:No Buffer space avaible	marsjanq	OpenBSD General	8	13th September 2008 07:52 PM