Bug 11632 - XFree86 Xserver Denial of Service Vulnerability
Summary: XFree86 Xserver Denial of Service Vulnerability
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: XFree86 (Show other bugs)
(Show other bugs)
Version: 6.2
Hardware: All Linux
Target Milestone: ---
Assignee: Mike A. Harris
QA Contact:
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2000-05-24 15:31 UTC by Matthew Miller
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-04-24 16:27:15 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Matthew Miller 2000-05-24 15:31:39 UTC
From bugtraq. http://www.securityfocus.com/vdb/bottom.html?vid=1235

A denial of service exists in XFree86 3.3.5, 3.3.6 and 4.0. A remote user
can send a malformed packet to the TCP listening port, 6000, which will
cause the X server to be unresponsive for some period of time. During this
time, the keyboard will not respond to user input, and in some cases, the
mouse will also not respond. During this time period, the X server will
utilize 100% of the CPU, and can only be repaired by being signaled.

Comment 1 Matthew Miller 2000-05-24 17:42:59 UTC
If it's any help, this appears to be the same issue for which Caldera has
already issued a fix:

Comment 2 Preston Brown 2000-05-24 19:26:59 UTC
we will have a fix available very soon.

Comment 3 Preston Brown 2000-05-30 16:39:59 UTC
errata will be released this week.

Comment 4 Chris Evans 2000-06-27 23:09:26 UTC
Are you sure, Preston? :-)

Comment 5 Chris Evans 2000-07-24 21:35:50 UTC
Sorry to be irritating :-)

Comment 6 Chris Evans 2000-10-16 17:37:44 UTC
I never saw an update?
If one does appear, there are new (and not so new) other X security issues which need looking at;
1) Very recently, an Xlib overflow in UNIX socket name.
See: http://www.securityfocus.com/archive/1/139436

2) Some serious Xlib/misc issues I found a while back.

It is my understanding that all of these are fixed in XFree4.0.1
A backport should be easy. At the time the backport is done, a brief check for _other_
security holes fixed in 4.0.1 but not 3.3.6 might be advisible.
Poor RH6.x users are currently running with known X security holes. The 2 DoS issues
are particularly unpleasant

Comment 7 Mike A. Harris 2001-02-11 14:48:20 UTC
A number of security releated items are just checked into the xf-3_3-branch
of xfree86 cvs.  I will be releasing an errata including them before too long.
I am waiting for the remainder of changes to get into cvs first, and also
need to allow time for testing, etc..  Errata will be out likely by the end
of the month.

Comment 8 Mike A. Harris 2001-05-15 09:07:54 UTC
I guess my definition of "before too long" is a bit premature.  There
is a test release at ftp://people.redhat.com/mharris/testing that fixes
all known security issues with XFree86 3.3.6.  This is my soon to be
released errata candidate unless some major bug comes up in the next few

Note You need to log in before you can comment on or make changes to this bug.