Information Technology Systems and Services at Stanford

ITSS Information Security Services

Exploitable Buffer Overflows in XFree86 Font Alias Parser -- 11 Feb 2004


Summary

XFree86 is a popular graphics system for Linux and other UNIX variants. A patch for XFree86 released this week fixes two buffer overflows in the XFree86 font management system. The vulnerabilities allow a local unprivileged user to gain root privileges on an unpatched system. Given the frequency of privilege escalation attacks on Linux machines at Stanford, all UNIX system administrators are strongly encouraged to apply these patches promptly.

For SULinux 9, please type

apt-get update && apt-get upgrade

as the root user, to install this package and other updated applications. Packages will be available for other SULinux versions in the near future.

XFree86 users on platforms other than SULinux are urged to consult their OS providers for information on updated packages.

See also: XFree86 fix for Red Hat.

Technical Details

The X-Windows system is a client/server interface between a machine's display and input hardware (monitor, keyboard and mouse) and the operating system desktop environment. XFree86 is an open source implementation of X-Windows. Within the XFree86 architecture, the font.alias file allows a system administrator to define nicknames for fonts within X-Windows, for ease of reference. Two distinct errors in the X server code that parses font.alias each result in a buffer overflow, which may allow an attacker to execute arbitrary code within the security context of the server, usually root.
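To illustrate the bug class, here is an added example that is not XFree86's actual parser code (the advisory does not reproduce it): a constructed font.alias line parser written in the unsafe fixed-buffer style, beside a hardened form that measures each token and rejects any line that would not fit. MAXNAME, the helper names and the small buffer size are assumptions chosen for the illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAXNAME 32  /* constructed limit for illustration, not XFree86's real one */
typedef struct { char alias[MAXNAME]; char target[MAXNAME]; } FontAlias;

/* The defect class the advisory describes: tokens copied into fixed-size
 * buffers with no length check. "%s" stops only at whitespace, so a name
 * longer than MAXNAME-1 bytes writes past the end of the array. Shown for
 * contrast only; never call it on untrusted input. */
int parse_alias_unsafe(const char *line, FontAlias *out)
{
    return sscanf(line, "%s %s", out->alias, out->target) == 2;
}
/* Copy one whitespace-delimited token into dst[cap].
 * Returns 1 on success, 0 if no token is present, -1 if it would not fit. */
static int copy_token(const char **cur, char *dst, size_t cap)
{
    const char *s = *cur;
    while (*s == ' ' || *s == '\t') s++;
    size_t len = strcspn(s, " \t\r\n");
    if (len == 0) return 0;
    if (len >= cap) return -1;      /* reject the line instead of overflowing */
    memcpy(dst, s, len);
    dst[len] = '\0';
    *cur = s + len;
    return 1;
}

/* Hardened parser: 1 = alias parsed, 0 = blank, comment ('!') or incomplete
 * line, -1 = over-long token. Quoted names with spaces are not handled here. */
int parse_alias_safe(const char *line, FontAlias *out)
{
    const char *cur = line;
    while (*cur == ' ' || *cur == '\t') cur++;
    if (*cur == '\0' || *cur == '!' || *cur == '\n' || *cur == '\r') return 0;
    int r = copy_token(&cur, out->alias, sizeof out->alias);
    if (r != 1) return r;
    return copy_token(&cur, out->target, sizeof out->target);
}

/* Helpers: result code for a line, and whether it parsed to the
 * expected alias -> target pair. */
int result_code(const char *line) { FontAlias fa; return parse_alias_safe(line, &fa); }
int parses_to(const char *line, const char *alias, const char *target)
{
    FontAlias fa;
    if (parse_alias_safe(line, &fa) != 1) return 0;
    return strcmp(fa.alias, alias) == 0 && strcmp(fa.target, target) == 0;
}
```

The safe parser turns an over-long name into an error return that the caller can log and reject, which is the behaviour a fixed font.alias reader should exhibit.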

Countermeasures

The ability to parse the font.alias file is included in all XFree86 packages, and cannot be disabled. Users of XFree86 -- commonly included in Linux and the open source BSD implementations (OpenBSD, FreeBSD, NetBSD) -- are strongly encouraged to install the updated XFree86 package as quickly as possible.

The source code patch is available at ftp://ftp.xfree86.org/pub/XFree86/4.3.0/fixes/fontfile.diff and is applicable to versions 4.1.0 and later. [Earlier versions are suspected to be vulnerable but patches are not available.]

Last modified Wednesday, 08-Feb-2006 11:46:26 PST

© 2003-2004, Stanford University. All rights reserved.