Homeland Security Uncovers Critical Flaw in X11
An open-source security audit program funded by the U.S. Department of Homeland Security has flagged a critical vulnerability in the X Window System (X11) which is used in Unix and Linux systems. A missing parentheses in a bit of code is to blame. The error can grant a user root access, and was discovered using an automated code-scanning tool.
The flaw has been fixed.
It was a change from this:
if (getuid() == 0 || geteuid != 0)
to this:
if (getuid() == 0 || geteuid() != 0)
The best part was the CVS comment:
Fri Mar 10 17:29:51 2006 UTC (7 weeks, 4 days ago) by deraadt:
proper geteuid calls because suse hires people who mistype things
From the article:
Coverity, the San Franciso-based company managing the project under a $1.25 million grant, described the flaw as the “biggest security vulnerability” found in the X Window System code since 2000.
The X Window System, also called X11 or X, provides the toolkit and protocol to build GUIs for Unix and Unix-like operating systems. It is used to provide windowing for bit-map displays.
Source: Yahoo News
Apparently OpenBSD already fixed this during a code-cleanup.
Tweet
Posted in: 
Recent in Exploits/Vulnerabilities:
- No BEAST Fix From Microsoft In December Patch Tuesday – But They Fixed Duqu Bug
- Apple Bans Security Researcher Charlie Miller For Exposing iOS Exploit
- Rec Studio 4 – Reverse Engineering Compiler & Decompiler
Related Posts:
- Homeland Security Scores an F for Internal Security AGAIN
- Government Accountability Office Report Slams FBI Internal Security
- Serious XSS Flaw in Google Desktop Allows Data Theft
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 191,015 views
- AJAX: Is your application secure enough? - 115,582 views
- eEye Launches 0-Day Exploit Tracker - 81,040 views
Recent Comments