XFree86 fbglyph Denial of Service Vulnerability

XFree86 4.x is vulnerable to a potential memory corruption / buffer overflow attack. This vulnerability has been demonstrated using the KDE Web Browser / File Management application "Konqueror", and represents at the very least a denial of service. This may also indicate an exploitable buffer overflow that could be used by an attacker to gain privileges on the machine running the X server, and may or may not be remotely exploitable (depending on which applications expose it). This is a vulnerability in the XFree86 server itself and not the client applications that can be used to initiate it. This has been reported under the following circumstances:

1. When the Konqueror browser processes excessively long strings in the actual browser window (ie, pasting these to a remote site from within the browser).
2. Double clicking on excessively long filenames in the file manager of Konqueror

Linux and other systems may be compromised if this vulnerability is successfully exploited to execute arbitrary code.


Privacy Statement
Copyright 2010, SecurityFocus