XFree86 GLX and DRI Screen Number Overflows Let Remote Users Crash the X Server
|
|
SecurityTracker Alert ID: 1009147 |
|
SecurityTracker URL: http://securitytracker.com/id/1009147
|
|
CVE Reference:
CAN-2004-0093, CAN-2004-0094
(Links to External Site)
|
Date: Feb 20 2004
|
Impact:
Denial of service via network
|
|
|
Description:
Two vulnerabilities were reported in XFree86. A remote user can cause the X server to crash.
It is reported that the GLX extension and Direct Rendering Infrastructure components not properly check the user-supplied screen number parameter. A remote user can send an invalid screen number value to trigger an array index boundary overflow [CVE: CAN-2004-0093] or an unsigned integer overflow [CVE: CAN-2004-0094]. The result is a segmentation fault, the report said.
The flaws reportedly reside in 'xf86dri.c' and 'glxcmds.c'.
|
Impact:
A remote user can cause the target X server to crash.
|
Solution:
No upstream solution was available at the time of this entry.
|
Vendor URL: www.xfree86.org/ (Links to External Site)
|
Cause:
Boundary error, Input validation error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Fri, 20 Feb 2004 07:43:24 -0500
Subject: CAN-2004-0093, CAN-2004-0094
|
CVE: CAN-2004-0093, CAN-2004-0094
Debian reported:
Denial-of-service attacks against the X
server by clients using the GLX extension and Direct Rendering
Infrastructure are possible due to unchecked client data (out-of-bounds
array indexes [CAN-2004-0093] and integer signedness errors
[CAN-2004-0094]).
|
|
