Red Hat Bugzilla – Bug 11632
XFree86 Xserver Denial of Service Vulnerability
Last modified: 2008-05-01 11:37:55 EDT
From bugtraq. http://www.securityfocus.com/vdb/bottom.html?vid=1235
A denial of service exists in XFree86 3.3.5, 3.3.6 and 4.0. A remote user
can send a malformed packet to the TCP listening port, 6000, which will
cause the X server to be unresponsive for some period of time. During this
time, the keyboard will not respond to user input, and in some cases, the
mouse will also not respond. During this time period, the X server will
utilize 100% of the CPU, and can only be repaired by being signaled.
If it's any help, this appears to be the same issue for which Caldera has
already issued a fix:
we will have a fix available very soon.
errata will be released this week.
Are you sure, Preston? :-)
Sorry to be irritating :-)
I never saw an update?
If one does appear, there are new (and not so new) other X security issues which need looking at;
1) Very recently, an Xlib overflow in UNIX socket name.
2) Some serious Xlib/misc issues I found a while back.
It is my understanding that all of these are fixed in XFree4.0.1
A backport should be easy. At the time the backport is done, a brief check for _other_
security holes fixed in 4.0.1 but not 3.3.6 might be advisible.
Poor RH6.x users are currently running with known X security holes. The 2 DoS issues
are particularly unpleasant
A number of security releated items are just checked into the xf-3_3-branch
of xfree86 cvs. I will be releasing an errata including them before too long.
I am waiting for the remainder of changes to get into cvs first, and also
need to allow time for testing, etc.. Errata will be out likely by the end
of the month.
I guess my definition of "before too long" is a bit premature. There
is a test release at ftp://people.redhat.com/mharris/testing that fixes
all known security issues with XFree86 3.3.6. This is my soon to be
released errata candidate unless some major bug comes up in the next few