On 11/18/13 10:48 AM, Jeremy C. Reed wrote:
On Tue, 8 Oct 2013, Alan Coopersmith wrote:
Pedro Ribeiro ([email protected]) reported an issue to the X.Org
security team in which an authenticated X client can cause an X server
to use memory after it was freed, potentially leading to crash and/or
memory corruption.
Does this happen unknown to the authenticated user, where the X server
crashes? Or does the authenticated user actually need some instrumented
malicious client to cause the crash? Does the memory corruption allow
running some code on the server with different privileges?
I'm not sure how the authenticated user could not know when the X server
crashes, so I don't understand the first question.
As far as we know, any malicious client can cause the memory corruption,
with a crash being the most likely result - no one attempted to do the
deep analysis to determine if there's any way that the memory corruption
could be exploited to execute code, we really don't have anyone who is
both skilled in that and in the X server internals to do such analysis,
so we felt better to issue an advisory that may be worrying to much than
to ignore a problem someone more skilled than us could exploit.
Does X.org Security use CVSS or some other measurement to decide if a
bug is a security vulnerability? If so, where documented? Thanks.
No, we use our best judgment.
--
-Alan Coopersmith- [email protected]
Oracle Solaris Engineering - http://blogs.oracle.com/alanc
_______________________________________________
[email protected]: X.Org support
Archives: http://lists.freedesktop.org/archives/xorg
Info: http://lists.x.org/mailman/listinfo/xorg
Your subscription address: %(user_address)s
