Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years (phoronix.com)
Phoronix's Michael Larabel reports: CVE-2024-9632 was made public today as the latest security vulnerability affecting the X.Org Server. The CVE-2024-9632 security issue has been present in the codebase now for 18 years and can lead to local privilege escalation. Introduced in the X.Org Server 1.1.1 release back in 2006, CVE-2024-9632 affects the X.Org Server as well as XWayland too. By providing a modified bitmap to the X.Org Server, a heap-based buffer overflow privilege escalation can occur.
This security issue is within _XkbSetCompatMap() and stems from not updating the heap size properly and can lead to local privilege escalation if the server is run as root or as a remote code execution with X11 over SSH. You can read the security advisory announcement here.
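To illustrate the bug class the summary names (a resize that leaves the recorded heap size out of date), here is an added example that is not from the post and is not X.Org code. The table type, its field names, both functions and the demo-only `real` shadow field are hypothetical; the flawed and corrected resize paths sit side by side.

```c
#include <stdlib.h>
/* Hypothetical table; field and function names are illustrative, not X.Org's. */
typedef struct {
    int *items;
    unsigned num;   /* entries in use */
    unsigned size;  /* entries the code believes are allocated */
    unsigned real;  /* demo-only shadow of what is actually allocated */
} table_t;

int table_init(table_t *t, unsigned cap) {
    t->items = calloc(cap, sizeof *t->items);
    t->num = 0;
    t->size = t->real = t->items ? cap : 0;
    return t->items ? 0 : -1;
}

/* Flawed: resizes relative to num and never touches size. */
int set_range_flawed(table_t *t, unsigned first, unsigned count) {
    unsigned end = first + count;
    if (end > t->num) {
        int *p = realloc(t->items, (size_t)end * sizeof *p);
        if (!p) return -1;
        t->items = p;
        t->num = t->real = end;  /* block may have shrunk; size is now stale */
    }
    return 0;
}

/* Corrected: resize only past capacity and keep size in step with realloc. */
int set_range_fixed(table_t *t, unsigned first, unsigned count) {
    unsigned end = first + count;
    if (end < first) return -1;  /* reject wrap-around of first + count */
    if (end > t->size) {
        int *p = realloc(t->items, (size_t)end * sizeof *p);
        if (!p) return -1;
        t->items = p;
        t->size = t->real = end;
    }
    if (end > t->num) t->num = end;
    return 0;
}
/* Later writers bound themselves by size, so it must never exceed real. */
int size_is_trustworthy(const table_t *t) { return t->size <= t->real; }

int main(void) {
    table_t t;
    if (table_init(&t, 20) || set_range_flawed(&t, 0, 10)) return 2;
    return size_is_trustworthy(&t);  /* 0 here: size says 20, block holds 10 */
}
```

Any code that later trusts `size` as its write bound would run past the end of the shrunken block, which is why the corrected path updates the capacity in the same step as the reallocation.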
Consider this. (Score:5, Insightful)
If this kind of thing has lurked in a widely reviewed codebase for 18 years, how long do you think it will take to identify all the nasty bugs in all the different Wayland clients?
Re: Consider this. (Score:4, Insightful)
I think one of the justifications for Wayland was the kludge upon kludge quality of xorg's code.
'Cause new code is never kludgy ...
Re: (Score:2)
I think one of the justifications for Wayland was the kludge upon kludge quality of xorg's code.
'Cause new code is never kludgy ...
Of course not. New is always better [youtube.com].
Re: (Score:2)
Damn. He sold me.
Re: (Score:2)
I think one of the justifications for Wayland was the kludge upon kludge quality of xorg's code.
'Cause new code is never kludgy ...
Of course not. New is always better [youtube.com].
[*smacks forehead*] Detailed, iron-clad logic to be sure. :-)
Re: (Score:2)
Laughs in OpenBSD.
Re: Consider this. (Score:1)
So they invented kludgey by design. Want screen capture, not secure by design, want screen lock/savers, who needs that!, I just want a window manager, here's 15 of them with various different opinions on security and how to implement the Wayland protocol and 75% are tiling (Windows 1.0 called).
Re: Consider this. (Score:1)
X11 doesn't need to run as root, only the login system needs to (because it has to be able to spawn something as the user) and with tools like SELinux or containers, that would still give very limited access even if successfully exploited. The problem with Wayland is that it is not entirely understood yet what you need for a functioning system, so SELinux definitions are overly broad or ill defined, running Wayland in a container is rather disastrous because of required access to (2D/3D) accelerati
Re: (Score:2)
It's actually WELL KNOWN that Xorg has horrible memory management, it crashes all the time if you give it a bitmap that is too big. This isn't news at all. Everybody knows it leaks memory, that's one of the reasons for replacing that ancient pile of crud
Re: (Score:3)
Widely reviewed? Have you looked at it? It's so awful even the hackers trying to exploit the flaws can't figure out where the memory leak is
Re: Consider this. (Score:2)
Oh whatever. I remember about 15 years ago I had to make something work with X and it took me all of a week or two of casual hacking to make it happen.
Same as any pile of code: sit down, coffee up, trace it out.
Re: (Score:2)
how long do you think it will take to identify all the nasty bugs in all the different Wayland clients?
Considering the codebase of Wayland is orders of magnitude simpler even if you don't count the many additional libraries for X.org, chances are not as long.
Also I really hope you're not reading this on a modern device or a modern OS. I hear programmers programmed those and there may be bugs in it. Be afraid my man. Those coding types can't be trusted. /s
Re: (Score:2)
Considering the codebase of Wayland is orders of magnitude simpler
What is your source for this information? Have you looked at the codebases? It sounds like you're making shit up.
Wayland can not get here soon enough (Score:2)
Not only does Xfree86 (to distinguish it from the platform formerly known as Twitter) have a creaking and archaic codebase, it also is not suitable for the modern way to compute (smart devices instead of dumb graphic terminals). Yes, we lose some mighty powerful features along the way, but I trust that the returns (mainly in performance and ease of maintenance) will outweigh the lost features...
Anywho, again, Wayland can not get here soon enough.
Re: (Score:3)
it also is not suitable for the modern way to compute (smart devices instead of dumb graphic terminals).
I disagree. It not being "modern" does not imply it not being a good option.
Re: Wayland can not get here soon enough (Score:1)
Don't worry, it has been "on its way" for 16 years now.
Not that big an issue (Score:2)
It requires a computer with X11 and users not also having root. That is not that common a set-up. Obviously, it exists.
Wasn't this known about? (Score:2)
I swear this has been a known attack vector for a long time. When I took my CEH back in 2010-ish, my SANS instructor was talking about using malicious images to take over Linux GUIs.
How is XWayland affected? (Score:3)
I don't think XWayland runs as root. How is it affected by this privilege escalation?
Re: (Score:2)
Reading the article, it's not affected by privilege escalation, but if you ran a malicious program via X11 over ssh, then it could get XWayland to run arbitrary code as your user. Technically remotely exploitable.
Re: (Score:2)
Quite often, neither does X.Org