Bug 11632 - XFree86 Xserver Denial of Service Vulnerability
Summary: XFree86 Xserver Denial of Service Vulnerability
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: XFree86
Version: 6.2
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Mike A. Harris
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2000-05-24 15:31 UTC by Matthew Miller
Modified: 2008-05-01 15:37 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2001-04-24 16:27:15 UTC
Embargoed:



Description Matthew Miller 2000-05-24 15:31:39 UTC
From bugtraq. http://www.securityfocus.com/vdb/bottom.html?vid=1235

A denial of service exists in XFree86 3.3.5, 3.3.6 and 4.0. A remote user
can send a malformed packet to the TCP listening port, 6000, which will
cause the X server to be unresponsive for some period of time. During this
time, the keyboard will not respond to user input, and in some cases, the
mouse will also not respond. During this time period, the X server will
utilize 100% of the CPU, and can only be repaired by being signaled.
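
A defensive check for the exposure described above, added here as an example (it is not part of the bug report or of any vendor fix): it parses Linux `/proc/net/tcp`-format text and reports X server TCP listeners on port 6000 and up that are bound to non-loopback addresses. The sample table, the function name `exposed_x11_listeners`, the 64-display range and the little-endian host are assumptions made for illustration.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234 1
   1: 0100007F:1771 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1235 1
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1236 1
   3: 0A00000A:1770 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1237 1
"""

X11_BASE_PORT = 6000      # display :0, the port named in the report
X11_MAX_DISPLAYS = 64     # assumption: only check displays :0 to :63
TCP_LISTEN = 0x0A         # socket state LISTEN in /proc/net/tcp


def exposed_x11_listeners(proc_net_tcp):
    """Return [(ip, port, display)] for X11 TCP listeners reachable off-host."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        addr_hex, port_hex = fields[1].split(":")
        port = int(port_hex, 16)
        if int(fields[3], 16) != TCP_LISTEN:
            continue                                 # established, etc.
        if not X11_BASE_PORT <= port < X11_BASE_PORT + X11_MAX_DISPLAYS:
            continue                                 # not an X11 display port
        # The IPv4 address is the kernel's in-memory word printed as hex,
        # which is byte-reversed on little-endian hosts (assumed here).
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        if ip.startswith("127."):
            continue                                 # loopback-only listener
        found.append((ip, port, port - X11_BASE_PORT))
    return found


if __name__ == "__main__":
    for ip, port, display in exposed_x11_listeners(SAMPLE_PROC_NET_TCP):
        print(f"X11 display :{display} listening on {ip}:{port}")
```

On a live host, pass the contents of `/proc/net/tcp` instead of the sample; IPv6 listeners in `/proc/net/tcp6` use a different address width and are not handled here.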

Comment 1 Matthew Miller 2000-05-24 17:42:59 UTC
If it's any help, this appears to be the same issue for which Caldera has
already issued a fix:
ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-012.0.txt

Comment 2 Preston Brown 2000-05-24 19:26:59 UTC
We will have a fix available very soon.

Comment 3 Preston Brown 2000-05-30 16:39:59 UTC
Errata will be released this week.

Comment 4 Chris Evans 2000-06-27 23:09:26 UTC
Are you sure, Preston? :-)

Comment 5 Chris Evans 2000-07-24 21:35:50 UTC
Sorry to be irritating :-)

Comment 6 Chris Evans 2000-10-16 17:37:44 UTC
I never saw an update?
If one does appear, there are new (and not so new) other X security issues which need looking at;
1) Very recently, an Xlib overflow in UNIX socket name.
See: http://www.securityfocus.com/archive/1/139436

2) Some serious Xlib/misc issues I found a while back.
See:
http://www.securityfocus.com/archive/1/65692
http://www.securityfocus.com/archive/1/65699
http://www.securityfocus.com/archive/1/65689


It is my understanding that all of these are fixed in XFree4.0.1.
A backport should be easy. At the time the backport is done, a brief check for _other_
security holes fixed in 4.0.1 but not 3.3.6 might be advisable.
Poor RH6.x users are currently running with known X security holes. The 2 DoS issues
are particularly unpleasant.

Comment 7 Mike A. Harris 2001-02-11 14:48:20 UTC
A number of security related items are just checked into the xf-3_3-branch
of xfree86 cvs.  I will be releasing an errata including them before too long.
I am waiting for the remainder of changes to get into cvs first, and also
need to allow time for testing, etc.  Errata will be out likely by the end
of the month.

Comment 8 Mike A. Harris 2001-05-15 09:07:54 UTC
I guess my definition of "before too long" is a bit premature.  There
is a test release at ftp://people.redhat.com/mharris/testing that fixes
all known security issues with XFree86 3.3.6.  This is my soon to be
released errata candidate unless some major bug comes up in the next few
days.

