Vigil@nce: Xorg, memory corruption via the Render extension
May 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can generate an error in the Render extension of
Xorg, in order to stop the service and possibly to execute code
with root privileges.
– Severity: 2/4
– Creation date: 28/04/2010
DESCRIPTION OF THE VULNERABILITY
The Render extension of Xorg manages the transparency of windows.
The mod(a,b) macro computes the remainder of integer division
"a%b". However, when "a" is negative, parenthesis are missing
around operations, which generates a computation error. The
remainder of "a%b" thus becomes superior to "b".
The Render extension uses this macro to compute its memory areas.
A memory corruption thus occurs.
A local attacker can therefore generate an error in the Render
extension of Xorg, in order to stop the service and possibly to
execute code with root privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xorg-memory-corruption-via-the-Render-extension-9617