Darknet - The Darkside » x11 http://www.darknet.org.uk Ethical Hacking, Penetration Testing & Computer Security Mon, 22 Mar 2010 06:54:39 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 Homeland Security Uncovers Critical Flaw in X11 http://www.darknet.org.uk/2006/05/homeland-security-uncovers-critical-flaw-in-x11/ http://www.darknet.org.uk/2006/05/homeland-security-uncovers-critical-flaw-in-x11/#comments Thu, 04 May 2006 01:50:43 +0000 Darknet http://www.darknet.org.uk/2006/05/homeland-security-uncovers-critical-flaw-in-x11/ An open-source security audit program funded by the U.S. Department of Homeland Security has flagged a critical vulnerability in the X Window System (X11) which is used in Unix and Linux systems. A missing parentheses in a bit of code is to blame. The error can grant a user root access, and was discovered using an automated code-scanning tool.

The flaw has been fixed.

It was a change from this:

if (getuid() == 0 || geteuid != 0)

to this:

if (getuid() == 0 || geteuid() != 0)

The best part was the CVS comment:

Fri Mar 10 17:29:51 2006 UTC (7 weeks, 4 days ago) by deraadt:
proper geteuid calls because suse hires people who mistype things

From the article:

Coverity, the San Franciso-based company managing the project under a $1.25 million grant, described the flaw as the “biggest security vulnerability” found in the X Window System code since 2000.

The X Window System, also called X11 or X, provides the toolkit and protocol to build GUIs for Unix and Unix-like operating systems. It is used to provide windowing for bit-map displays.

Source: Yahoo News

Apparently OpenBSD already fixed this during a code-cleanup.

Post to Twitter Post to Delicious Post to Digg Post to Facebook Post to StumbleUpon

]]> http://www.darknet.org.uk/2006/05/homeland-security-uncovers-critical-flaw-in-x11/feed/ 0