FreeBSD : xorg-server -- Information leak in the XkbSetGeometry request of X servers. (54a69cf7-b2ef-11e4-b1f1-bcaec565249c)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Peter Hutterer reports :

Olivier Fourdan from Red Hat has discovered a protocol handling issue
in the way the X server code base handles the XkbSetGeometry request.

The issue stems from the server trusting the client to send valid
string lengths in the request data. A malicious client with string
lengths exceeding the request length can cause the server to copy
adjacent memory data into the XKB structs. This data is then available
to the client via the XkbGetGeometry request. The data length is at
least up to 64k; it is possible to obtain more data by chaining
strings, where each string length is then determined by whatever happens
to be in that 16-bit region of memory.

A similarly crafted request can likely cause the X server to crash.
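The check the quoted report says was missing, as an added example that is not from the advisory or the X.Org code base: a parser for a hypothetical chain of 16-bit length-prefixed strings (the real XKB wire encoding is not reproduced here) that validates each client-supplied length against the bytes still remaining in the request, so an oversized length is rejected rather than copying adjacent memory into the result.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical wire format for illustration only (not the real XKB encoding):
 * a request body is a chain of counted strings, each a 16-bit little-endian
 * length followed by that many bytes. */
typedef struct { const uint8_t *ptr; uint16_t len; } counted_str;

/* Walk the chain without trusting the client: every declared length is checked
 * against the bytes actually remaining in the request. Returns the number of
 * strings found, or -1 if any length field would run past the request end. */
int parse_counted_strings(const uint8_t *req, size_t req_len,
                          counted_str *out, size_t max_out)
{
    size_t off = 0, n = 0;
    while (off < req_len) {
        if (req_len - off < 2)
            return -1;                  /* truncated length field */
        uint16_t slen = (uint16_t)(req[off] | (req[off + 1] << 8));
        off += 2;
        if (slen > req_len - off)
            return -1;                  /* length exceeds request: reject */
        if (n == max_out)
            return -1;                  /* more strings than caller can hold */
        out[n].ptr = req + off;
        out[n].len = slen;
        off += slen;
        n++;
    }
    return (int)n;
}

/* Constructed sample: two well-formed strings, "abc" then "hi". */
int demo_valid_chain(void)
{
    static const uint8_t req[] = { 3, 0, 'a', 'b', 'c', 2, 0, 'h', 'i' };
    counted_str out[4];
    return parse_counted_strings(req, sizeof req, out, 4);
}

/* Constructed sample: a declared length of 0xFFFF with one payload byte left.
 * An unchecked copy would read about 64 KiB beyond the request buffer. */
int demo_oversized_length(void)
{
    static const uint8_t req[] = { 0xFF, 0xFF, 'x' };
    counted_str out[4];
    return parse_counted_strings(req, sizeof req, out, 4);
}
```

The same remaining-bytes comparison applies to each string in a chain, which is what stops the chained-string variant described above.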

See also :

http://lists.freedesktop.org/archives/xorg/2015-February/057158.html
http://www.nessus.org/u?c5d418e2

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 81332

CVE ID: CVE-2015-0255
