Online News Features Blogs RSS Feeds White Papers Conference Videos Departments Administration Infrastructure Security Networking Web Works Programming Desktop Community Resources Current Issue Special Editions Spotlight Reviews Event Calendar Archives Article Code Subscribe Newsletter Contact Germany's Shoppingmall No.1! 10000 Shops and over 3,4 Mio. Products. Computer, Software and Technic Guidebooks. Admin Magazine Subscribe now and save! ADMIN - Explore the new world of system administration! Special introductory offer! Order by September 30th to save 10% off the regular subscription price! Each issue delivers technical solutions to the real-world problems you face every day. Learn the latest techniques for better: network security system management troubleshooting performance tuning virtualization cloud computing   on Windows, Linux, Solaris, and popular varieties of Unix. http://www.admin-magazine.com/

linuxpromagazine.com » Online » News » Vulnerability Discovered in X Font Server   Two protocol handlers give attackers the ability to inject malicious code into X Font Server (XFS). Linux systems are only vulnerable to local attacks. The X Font Server is not accessible over networks by default. Vulnerability Discovered in X Font Server Oct 04, 2007 Two protocol handlers give attackers the ability to inject malicious code into X Font Server (XFS). Linux systems are only vulnerable to local attacks. The X Font Server is not accessible over networks by default. The bug (CVE-2007-4568) in the handler for QueryXBitmap and QueryXExtents protocol requests can trigger integer overflows. In both protocols this triggers a call to the "build_range()" function which expects a 32 bit integer value with the request, and calculates the dynamic memory size. The calculation can overflow causing incorrect memory allocation. This results in a heap overflow. A second vulnerability affects the "swap_char2b()". Calling the function gives attackers the ability to store an arbitrary number of values on the heap. A successful exploit would give an attacker the ability to execute arbitrary code. Security experts with Idefense tested a Solaris system. Solaris calls XFS by default on booting, and sets up the X Server to listen on port 7100, which would thus open up a remote attack vector. Idefense discovered the vulnerability in XFS version X11R7.2-1.0.4, although earlier versions may also be affected. The X.org-Team has fixed the issue in the new XFS 1.0.5 Version. A patch is available for for version 1.0.4 (X11R7.3). (Jan Rähm) Comments Two protocol handlers give attackers the ability to inject malicious code into X Font Server (XFS). Linux systems are only vulnerable to local attacks. The X Font Server is not accessible over networks by default. FREE Live Streaming Video from ApacheCon US 2009 Watch our free Video Archive from Apachecon US 2009. Archive provided by The Apache Foundation, COLLABNET, and Linux Pro Magazine Drawing internationally renowned thought-leaders, contributors, and organizations in the Open Source community, ApacheCon offers insight into the culture and community that develops and shepherds industry-leading Open Source projects, including Apache HTTP Server – the world's most popular Web server software for more than 10 years. Find out more

In the US and Canada, Linux Magazine is known as Linux Pro Magazine.

© 2012Linux New Media USA, LLC

Linux New Media Websites
North America: [Linux Pro Magazine] [ADMIN Magazine] [Ubuntu User] [Smart Developer]
International: [Linux Magazine] [ADMIN Magazine] [Ubuntu User] [Smart Developer] [Linux Magazine Academy]

Germany: [Linux-Magazin] [ADMIN Magazin] [LinuxUser] [EasyLinux] [Linux-Community]
[Ubuntu User] [Smart Developer] [Android User] [Linux-Magazin Academy]
Poland: [Linux Magazine] [EasyLinux]
Spain: [Linux Magazine] [Ubunutu User]
Netherlands: [Linux Magazine Academy]
Brazil: [Linux Magazine] [ADMIN Magazine] [Ubuntu User] [Guia de TI]