Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

NetBSD: XFree86 font buffer overflow vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Team   
NetBSD There is an integer overflow in the XFree86 font libraries, which could lead topotential privilege escalation and/or remote code execution.

		 NetBSD Security Advisory 2003-015

Topic:		Remote and local vulnerabilities in XFree86 font libraries

Version:	NetBSD-current:	source prior to August 31, 2003
		NetBSD 1.6.1:	affected
		NetBSD 1.6:	affected
		NetBSD-1.5.3:	affected
		NetBSD-1.5.2:	affected
		NetBSD-1.5.1:	affected
		NetBSD-1.5:	affected

Severity:	High, for systems running an X server.

Fixed:		NetBSD-current:		August 31, 2003
		(xsrc is not branched by NetBSD release)


There is an integer overflow in the XFree86 font libraries, which could lead to
potential privilege escalation and/or remote code execution.

Technical Details

As seen in this advisory, the exact details of these issues have not been

Solutions and Workarounds

Workaround (proposed in the XFree86 advisory):

Ensure that neither xfs nor the X server include untrusted font servers in
their font search paths.  Xfs is not started by default in NetBSD and the
X server contains only directories under /usr/X11R6/lib/X11/fonts in its
font path.

To prevent the local privilege escalation problem, remove the suid bit from the
Xserver binary.  This will mean that only root can start the X server.

        chmod u-s /usr/X11R6/bin/XFree86

Please note that removing the suid bit will NOT prevent a compromise due to
malicious fonts.


The following instructions describe how to upgrade your X
binaries by updating your source tree and rebuilding and
installing a new version of X.

* NetBSD (all versions):

	Systems running NetBSD with X dated from before 2003-08-30
	should be upgraded to NetBSD with X dated 2003-08-31 or later.

	Unlike the main NetBSD source tree (src), xsrc is not branched
	based on NetBSD versions.

	The following directories need to be updated from the netbsd CVS:

	To update from CVS, re-build, and re-install X:
		# cd xsrc
		# cvs update -d -P xc/lib/font/fc xc/lib/FS \
			xfree/xc/lib/font/fc xfree/xc/lib/FS

		# make build

(The 'build' target performs installation as well as compilation)

Thanks To

Matthias Scheler

Revision History

	2003-10-09	Initial release

More Information

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at

Information about NetBSD and NetBSD security can be found at and

Copyright 2003, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2003-015.txt,v 1.4 2003/10/09 03:30:14 groo Exp $

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
FBI Quietly Removes Recommendation To Encrypt Your Phone
And the prize for LEAST SECURE BROWSER goes to ... Chrome!
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.