
Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years (phoronix.com)

(Tuesday October 29, 2024 @06:40PM (BeauHD) from the X-server-strikes-again dept.)


Phoronix's Michael Larabel reports:

> CVE-2024-9632 was made public today as the latest security vulnerability affecting the X.Org Server. The CVE-2024-9632 security issue has been [1]present in the codebase now for 18 years and can lead to local privilege escalation. Introduced in the X.Org Server 1.1.1 release back in 2006, CVE-2024-9632 affects the X.Org Server as well as XWayland too. By providing a modified bitmap to the X.Org Server, a heap-based buffer overflow privilege escalation can occur.

>

> This security issue is within _XkbSetCompatMap() and stems from not updating the heap size properly and can lead to local privilege escalation if the server is run as root or as a remote code execution with X11 over SSH.

You can read the security advisory announcement [2]here.



[1] https://www.phoronix.com/news/X.Org-CVE-2024-9632

[2] https://lists.x.org/archives/xorg-announce/2024-October/003545.html
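An added illustration, not X.Org's code and not part of the original story: a simplified C model of the bug class the summary describes, where a resize path leaves the recorded allocation size out of date so a later bounds check passes against memory that is no longer there. The struct, the function names and the `real` audit field are hypothetical; `real` exists only so the example can report the out-of-bounds write instead of performing it.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical table: num = entries in use, cap = entries the code believes
 * are allocated, real = entries actually allocated (demo-only ground truth). */
struct table { int *items; size_t num, cap, real; };

/* Set the in-use count. Shrinking only lowers num; growing past num
 * reallocates to exactly `want` entries. With fix == 0 cap is not updated
 * after the realloc (the defect); with fix == 1 it is kept in sync. */
int table_set_count(struct table *t, size_t want, int fix) {
    if (want > t->num) {
        int *p = realloc(t->items, want * sizeof *p);
        if (!p) return -1;
        t->items = p;
        t->real = want;
        if (fix) t->cap = want;
    }
    t->num = want;
    return 0;
}

/* Append that trusts cap, as later code would. Returns 0 on an in-bounds
 * write, 1 if the table reports full, and -1 where the write would land
 * past the real allocation (reported here instead of performed). */
int table_append(struct table *t, int v) {
    if (t->num >= t->cap) return 1;    /* the only check real code would have */
    if (t->num >= t->real) return -1;  /* cap was stale: heap overflow */
    t->items[t->num++] = v;
    return 0;
}

/* Constructed sequence: 10 entries, truncate to 2, grow to 5, append once. */
int run_sequence(int fix) {
    struct table t = { calloc(10, sizeof(int)), 10, 10, 10 };
    if (!t.items) return -2;
    int r = -2;
    if (table_set_count(&t, 2, fix) == 0 && table_set_count(&t, 5, fix) == 0)
        r = table_append(&t, 42);
    free(t.items);
    return r;
}

int main(void) {
    printf("unfixed: %d, fixed: %d\n", run_sequence(0), run_sequence(1));
    return 0;
}
```

With the size left stale the append is accepted at index 5 of a 5-entry allocation; with the size updated the same append is refused as "full" and the caller has to grow the buffer first.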



Consider this. (Score:5, Insightful)

by Gravis Zero ( 934156 )

If this kind of thing has lurked in a widely reviewed codebase for 18 years, how long do you think it will take to identify all the nasty bugs in all the different Wayland clients?

Re: Consider this. (Score:2)

by Frank Burly ( 4247955 )

I think one of the justifications for Wayland was the kludge upon kludge quality of xorg's code.

Re: (Score:2)

by fahrbot-bot ( 874524 )

> I think one of the justifications for Wayland was the kludge upon kludge quality of xorg's code.

'Cause new code is never kludgy ...

Re: (Score:3)

by Random361 ( 6742804 )

Or the classic shit that is Windows. Just saying, while we're talking about legacy shit code.

Re: (Score:2)

by bjoast ( 1310293 )

Wayland has a much more secure architecture by default, with far less code running with high privileges.

Wayland can not get here soon enough (Score:2)

by williamyf ( 227051 )

Not only Xfree86 (to distinguish it from the platform formerly known as Twitter) has a creaking and archaic codebase, it also is not suitable for the modern way to compute (smart devices instead of dumb graphic terminals). Yes, we lose some mighty powerful features along the way, but I trust that the returns (mainly in performance and ease of maintenance) will outweigh the lost features...

Anywho, again, Wayland can not get here soon enough.

Re: (Score:2)

by gweihir ( 88907 )

> it also is not suitable for the modern way to compute (smart devices instead of dumb graphic terminals).

I disagree. It not being "modern" does not imply it not being a good option.

Not that big an issue (Score:2)

by gweihir ( 88907 )

It requires a computer with X11 and users not also having root. That is not that common a set-up. Obviously, it exists.

Wasn't this known about? (Score:2)

by sizzlinkitty ( 1199479 )

I swear this has been a known attack vector for a long time. When I took my CEH back in 2010-ish, my SANS instructor was talking about using malicious images to take over Linux GUIs.

How is XWayland affected? (Score:2)

by caseih ( 160668 )

I don't think XWayland runs as root. How is it affected by this privilege escalation?
