Summary
A malicious authenticated client can force Xorg server to exhaust (or fragment) its address space. If running on Linux,this may result in the process stack top being in an unexpected region and execution of arbitrary code with server priv-ileges (root).x86 32 and x86 64 platforms are aected, others most probably are aected,too.Note that depending on the system con guration, by default local unpriv-ileged users may be able to start an instance of Xorg server that requires no authentication and exploit it.Also if a remote attacker exploits a (unrelated) vulnerability in a GUI application (e.g. web browser),he will have ability to attack X server.
In case of a local attacker that can use MIT-SHM extension (which is the most likely scenario),the exploit is very reliable.Identi er CVE-2010-2240 has been reserved for the underlying issue (Linux kernel not providing stack and heap separation).This issue has been known for at least five years.
Download PDF
Volut-ID | World News Articles
All news of interest and can provide an info for you, and so can assist in the search for new news.
About news gadgets, mobile phones
info about the latest mobile phone, from news, features, and the most mobile phone models in search of the world.
No response to “Exploiting large memory management vulnerabilities in Xorg server running on Linux”
Leave a reply