Vigil@nce - X.Org: format string attack via a device
May 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can connect a device with a special name, in
order to generate a format string attack in X.Org, which leads to
a denial of service or possibly to code execution.
Severity: 2/4
Creation date: 19/04/2012
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The X.Org graphic environment runs with root privileges.
When a user connects a new equipment (for example a Bluetooth
keyboard), its name is logged by the LogVHdrMessageVerb()
function. However, the name is used in a generated format string.
A local attacker can therefore connect a device with a special
name, in order to generate a format string attack in X.Org, which
leads to a denial of service or possibly to code execution.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/X-Org-format-string-attack-via-a-device-11557