Security

Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years (phoronix.com) 29

Phoronix's Michael Larabel reports: CVE-2024-9632 was made public today as the latest security vulnerability affecting the X.Org Server. The CVE-2024-9632 security issue has been present in the codebase now for 18 years and can lead to local privilege escalation. Introduced in the X.Org Server 1.1.1 release back in 2006, CVE-2024-9632 affects the X.Org Server as well as XWayland too. By providing a modified bitmap to the X.Org Server, a heap-based buffer overflow privilege escalation can occur.

This security issue is within _XkbSetCompatMap() and stems from not updating the heap size properly and can lead to local privilege escalation if the server is run as root or as a remote code execution with X11 over SSH.
You can read the security advisory announcement here.
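
The bug class the summary describes (a heap buffer that is resized without the recorded size being updated), as an added C sketch. It is not X.Org code: the struct, the functions and the two sample requests are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable table (not X.Org's structure). */
struct table {
    int *items;
    size_t num;    /* entries in use */
    size_t size;   /* capacity the code believes it has */
    size_t alloc;  /* capacity really allocated; bookkeeping for this demo */
};

/* Store n entries at index first, growing the buffer when the recorded
 * capacity is too small. record_size == 0 models the defect: the buffer is
 * reallocated but `size` keeps its stale value. Returns 0 on success. */
static int table_set_range(struct table *t, size_t first, size_t n,
                           const int *src, int record_size)
{
    if (n == 0) return 0;
    if (first > t->num || n > SIZE_MAX / sizeof *t->items - first) return -1;
    size_t need = first + n;
    if (t->size < need) {
        int *p = realloc(t->items, need * sizeof *p);
        if (!p) return -1;
        t->items = p;
        t->alloc = need;
        if (record_size) t->size = need;   /* the one-line fix in this model */
    }
    memcpy(t->items + first, src, n * sizeof *src);
    if (need > t->num) t->num = need;
    return 0;
}

/* Two constructed requests, 8 entries then 2. Returns 1 if the invariant
 * readers rely on still holds: live entries fit the real allocation and the
 * recorded capacity matches it. */
static int run_scenario(int record_size)
{
    struct table t = {0};
    const int big[8] = {1, 2, 3, 4, 5, 6, 7, 8}, small[2] = {9, 9};
    int ok = table_set_range(&t, 0, 8, big, record_size) == 0 &&
             table_set_range(&t, 0, 2, small, record_size) == 0 &&
             t.num <= t.alloc && t.size == t.alloc;
    free(t.items);
    return ok;
}

int main(void) { printf("stale: %d fixed: %d\n", run_scenario(0), run_scenario(1)); return 0; }
```

With the stale size, the second request shrinks the allocation to 2 entries while `num` still says 8, so any later code that walks `items[0..num)` touches heap memory past the buffer; recording the size keeps the 8-entry allocation in place.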

  • Consider this. (Score:5, Insightful)

    by Gravis Zero ( 934156 ) on Tuesday October 29, 2024 @06:04PM (#64904583)

    If this kind of thing has lurked in a widely reviewed codebase for 18 years, how long do you think it will take to identify all the nasty bugs in all the different Wayland clients?

    • I think one of the justifications for Wayland was the kludge upon kludge quality of xorg's code.
    • Or the classic shit that is Windows. Just saying, while we're talking about legacy shit code.
    • by bjoast ( 1310293 )
      Wayland has a much more secure architecture by default, with far less code running with high privileges.
      • X11 doesn't need to run as root, only the login system needs to (because it has to be able to spawn something as the user) and with tools like SELinux or containers, that would still give very limited access even if successfully exploited. The problem with Wayland is that it is not entirely understood yet what you need for a functioning system, so SELinux definitions are overly broad or ill defined, running Wayland in a container is rather disastrous because of required access to (2D/3D) accelerati

    • by Dr. Tom ( 23206 )

      It's actually WELL KNOWN that Xorg has horrible memory management, it crashes all the time if you give it a bitmap that is too big. This isn't news at all. Everybody knows it leaks memory, that's one of the reasons for replacing that ancient pile of crud

    • by Dr. Tom ( 23206 )

      Widely reviewed? Have you looked at it? It's so awful even the hackers trying to exploit the flaws can't figure out where the memory leak is

      • Oh whatever. I remember about 15 years ago I had to make something work with X and it took me all of a week or two of casual hacking to make it happen.

        Same as any pile of code: sit down, coffee up, trace it out.

    • how long do you think it will take to identify all the nasty bugs in all the different Wayland clients?

      Considering the codebase of Wayland is orders of magnitude simpler even if you don't count the many additional libraries for X.org, chances are not as long.

      Also I really hope you're not reading this on a modern device or a modern OS. I hear programmers programmed those and there may be bugs in it. Be afraid my man. Those coding types can't be trusted. /s

      • Considering the codebase of Wayland is orders of magnitude simpler

        What is your source for this information? Have you looked at the codebases? It sounds like you're making shit up.

    • Local privilege escalation exploits are common in Linux because of the large attack surface. And Windows has a much larger attack surface.
  • Not only Xfree86 (to distinguish it from the platform formerly known as Twitter) has a creaking and archaic codebase, it also is not suitable for the modern way to compute (smart devices instead of dumb graphic terminals). Yes, we lose some mighty powerful features along the way, but I trust that the returns (mainly in performance and ease of maintenance) will outweigh the lost features...

    Anywho, again, Wayland can not get here soon enough.

  • It requires a computer with X11 and users not also having root. That is not that common a set-up. Obviously, it exists.

  • I swear this has been a known attack vector for a long time. When I took my CEH back in 2010-ish, my SANS instructor was talking about using malicious images to take over Linux GUIs.

  • by caseih ( 160668 ) on Tuesday October 29, 2024 @06:55PM (#64904697)

    I don't think XWayland runs as root. How is it affected by this privilege escalation?

    • by caseih ( 160668 )

      Reading the article, it's not affected by privilege escalation, but if you ran a malicious program via X11 over ssh, then it could get XWayland to run arbitrary code as your user. Technically remotely exploitable.

    • by sjames ( 1099 )

      Quite often, neither does X.Org
