科技行者

行者学院 转型私董会 科技行者专题报道 网红大战科技行者

知识库

知识库 安全导航

至顶网安全频道X.Org X Server RENDER扩展整数溢出漏洞

X.Org X Server RENDER扩展整数溢出漏洞

  • 扫一扫
    分享文章到微信

  • 扫一扫
    关注官方公众号
    至顶头条

Xorg X Server是多个厂商操作系统中所捆绑的X窗口系统显示服务器。客户端请求中的值被直接用于计算所要交换的客户端请求数据的字节数。

作者:赛迪网 来源:赛迪网 2008年6月17日

关键字: 数据库漏洞 漏洞管理 漏洞

  • 评论
  • 分享微博
  • 分享邮件

Xorg X Server是多个厂商操作系统中所捆绑的X窗口系统显示服务器。客户端请求中的值被直接用于计算所要交换的客户端请求数据的字节数。由于没有正取的验证字节交换范围,可能导致堆溢出。

发布日期:2008-06-11

更新日期:2008-06-13

受影响系统:

X.org X11 R7.3

描述:

----------------------------------------------------------------------------

BUGTRAQ ID: 29670

CVE(CAN) ID: CVE-2008-2362

Xorg X Server是多个厂商操作系统中所捆绑的X窗口系统显示服务器。

X.Org X Server的RENDER扩展在解析客户端请求时没有正确的验证以下函数的参数:

SProcRenderCreateLinearGradient

SProcRenderCreateRadialGradient

SProcRenderCreateConicalGradient

客户端请求中的值被直接用于计算所要交换的客户端请求数据的字节数。由于没有正取的验证字节交换范围,可能导致堆溢出。

如果攻击者能够访问控制台的话,就可以通过向受影响的X服务器发送命令触发这些溢出,导致以root权限执行任意代码。如果将X服务器配置为监听基于TCP的客户端连接,且允许客户端通过xhosts文件创建会话,就可以远程利用这些漏洞。

<*来源:Matthieu Herrb (xorg@lists.freedesktop.org)

regenrecht

链接:http://secunia.com/advisories/30627/

http://lists.freedesktop.org/archives/xorg/2008-June/036026.html

http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-238686-1

http://www.debian.org/security/2008/dsa-1595

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=720

https://www.redhat.com/support/errata/RHSA-2008-0504.html

*>

建议:

----------------------------------------------------------------------------

临时解决方法:

* 禁用有漏洞的扩展:

Section "Extensions"

Option "RENDER" "disable"

EndSection

厂商补丁:

Debian

------

Debian已经为此发布了一个安全公告(DSA-1595-1)以及相应补丁:

DSA-1595-1:New xorg-server packages fix several vulnerabilities

链接:http://www.debian.org/security/2008/dsa-1595

补丁下载:

Source archives:

http://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1.orig.

tar.gzSize/MD5 checksum: 8388609 15852049050e49f380f953d8715500b9

http://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1-

21etch5.diff.gz

Size/MD5 checksum: 632764 c982d4e00ede14d7627297a457d0320b

http://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1-

21etch5.dsc

Size/MD5 checksum: 2024 fc534ccff948c702a4ef0cf531deaccf

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-

21etch5_alpha.deb

Size/MD5 checksum: 353656 2706862a69138ee94fcbb31211e0c4a5

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-

21etch5_alpha.deb

Size/MD5 checksum: 4455548 ff3a26b71c5e317258df73baa97ab7e2

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-

21etch5_alpha.deb

Size/MD5 checksum: 1030886 44ff2d44fcfaf0473e7bdc43180f0beb

http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-

21etch5_alpha.deb

Size/MD5 checksum: 1767104 79c0289e2d897f6173240887459a6bd4

http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-

21etch5_alpha.deb

Size/MD5 checksum: 1930704 c6ef24273a6f88b77088e2cd8cd8db1e

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-

21etch5_alpha.deb

Size/MD5 checksum: 140478 286561a4926171499be367df85bc7146

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-

21etch5_alpha.deb

Size/MD5 checksum: 1964526 22a6658d46f631e0a60c618dd4fb723d

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-

21etch5_amd64.deb

Size/MD5 checksum: 134018 08d9419fdbff4f1e163122fa5112e336

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-

21etch5_amd64.deb

Size/MD5 checksum: 1654086 37abd310608a1204a95e90878fd0e1d1

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-

21etch5_amd64.deb

Size/MD5 checksum: 859948 37099efb5371cb17f6689e3c90dd0038

http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-

21etch5_amd64.deb

Size/MD5 checksum: 1472576 c0e587f113cc6fd656587ed08959bff2

http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-

21etch5_amd64.deb

Size/MD5 checksum: 1622812 ccb434f8e7dc1908c61652f71a4512cd

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-

21etch5_amd64.deb

Size/MD5 checksum: 350956 5cf742aa111b5e006d015e85bb7afdfb

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-

21etch5_amd64.deb

Size/MD5 checksum: 3919134 e1befedf8342c06a50ea3dd84ac5da5f

arm architecture (ARM)

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-

21etch5_arm.deb

Size/MD5 checksum: 125572 4f0f268985c0596e0f5b059459308abd

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-

21etch5_arm.deb

Size/MD5 checksum: 3778010 e716984d0990375c62a0d5a4a5cbabc0

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-

21etch5_arm.deb

Size/MD5 checksum: 352298 462cb5ee2ccfb0d220a94413b4fa0e77

http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-

21etch5_arm.deb

Size/MD5 checksum: 1446028 cd0fca4306ea72641d82bcf8751fc418

http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-

21etch5_arm.deb

Size/MD5 checksum: 1598864 db43f26ed6a6f1b3125e0af7920b3f89

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-

21etch5_arm.deb

Size/MD5 checksum: 854518 16a33b692e5ca981e6a7e71a15e650bb

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-

21etch5_arm.deb

Size/MD5 checksum: 1622894 0c2289bee8b093b0f9c3328faebcb02e

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-

21etch5_hppa.deb

Size/MD5 checksum: 1822068 48fe44f3fdf125336657a8c1b019daf8

http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-

21etch5_hppa.deb

Size/MD5 checksum: 1662618 64d8f779fcce4a61b1556a5f13669204

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-

21etch5_hppa.deb

Size/MD5 checksum: 4400602 0f72c68314ef61163178688104e2cf8d

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-

21etch5_hppa.deb

Size/MD5 checksum: 353908 5ffc6917aff7513248e4042617197871

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-

21etch5_hppa.deb

Size/MD5 checksum: 910136 59828e23227be68ea9553b2cf71328e9

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-

21etch5_hppa.deb

Size/MD5 checksum: 1854792 9b60b9f61b0481817166b94c261c6c44

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-

21etch5_hppa.deb

Size/MD5 checksum: 134908 649b2e1b4d1f2349305d1a8345bc2b4a

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-

21etch5_i386.deb

Size/MD5 checksum: 1388494 2d75e017e06d12fef00abd3516b19aa1

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-

21etch5_i386.deb

Size/MD5 checksum: 808458 f243812b25df4f648a428fbe0e53f387

http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-

21etch5_i386.deb

Size/MD5 checksum: 1538312 cd554920bc9601c748383d64bd4072ac

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-

21etch5_i386.deb

Size/MD5 checksum: 121818 ed0f888cfc27db61a3e8f723b93ad1bb

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-

21etch5_i386.deb

Size/MD5 checksum: 345606 72c2acb632d6c86fdcd2b05759747ec8

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-

21etch5_i386.deb

Size/MD5 checksum: 3655134 44748e455c0430134e2b81704276ab64

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-

21etch5_i386.deb

Size/MD5 checksum: 1563522 a68b5bb2ded4aaeb38af7bb1d069eaa1

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-

21etch5_ia64.deb

Size/MD5 checksum: 2496678 f696eadca3cc5646d5c5cfa3d45f737e

http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-

21etch5_ia64.deb

Size/MD5 checksum: 2448490 5e86a9c9f46fdae3d838df88a6a08f29

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-

21etch5_ia64.deb

Size/MD5 checksum: 5491656 0778e3c6a23cd6190f789b5b790526ed

http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-

21etch5_ia64.deb

Size/MD5 checksum: 2220690 6e88b371e6de346a26a5b157601e13f3

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-

21etch5_ia64.deb

Size/MD5 checksum: 161788 cd678648723e9cab464144dab81f7b3d

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-

21etch5_ia64.deb

Size/MD5 checksum: 1306936 ff26354f105c0b08424588b5dd44023a

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-

21etch5_ia64.deb

Size/MD5 checksum: 345528 aab6138fba10180d29e2a849aa5d1d11

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-

21etch5_mips.deb

Size/MD5 checksum: 137652 cbaf8796e7f4db0dc869ff9607caa230

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-

21etch5_mips.deb

Size/MD5 checksum: 3842442 38aa5e3b6cf0ed22f0322d7acad35d10

http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-

21etch5_mips.deb

Size/MD5 checksum: 1682974 0a04a328ea52ac64d6d3b35b4aafc2d6

http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-

21etch5_mips.deb

Size/MD5 checksum: 1537288 9d0cf23ee7ef9ebb25467e1ec15659e2

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-

21etch5_mips.deb

Size/MD5 checksum: 1714678 a7dc64ea9d8ea2b4c88075235f2c465d

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-

21etch5_mips.deb

Size/MD5 checksum: 862590 dae745db6339d6b3ee874f9cf5991d7c

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-

21etch5_mips.deb

Size/MD5 checksum: 353814 3a0181d7c775dce97018d5457c75bf33

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-

21etch5_mipsel.deb

Size/MD5 checksum: 134954 f61f2419ef8fad397243d7efc638db98

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-

21etch5_mipsel.deb

Size/MD5 checksum: 345558 f5ba2c73c9a1ed528b7ff1ba173f0114

http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-

21etch5_mipsel.deb

Size/MD5 checksum: 1528702 5d453afbb299c865d1c75daf8eb2bf64

http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-

21etch5_mipsel.deb

Size/MD5 checksum: 1674800 6324ac98164b8a9afa527149494ea044

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-

21etch5_mipsel.deb

Size/MD5 checksum: 1709264 6a837175dff2a568b8bc81007038c1eb

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-

21etch5_mipsel.deb

Size/MD5 checksum: 3710732 b554e87fb4100c6495853da0b09df739

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-

21etch5_mipsel.deb

Size/MD5 checksum: 862620 b1cf7114eda921f92e0c49a2ec081682

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-

21etch5_powerpc.deb

Size/MD5 checksum: 842676 0db68c7ca974d3e136f296d8651efb07

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-

21etch5_powerpc.deb

Size/MD5 checksum: 3983816 8a1b74966c423a5c473997a46abb55c1

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-

21etch5_powerpc.deb

Size/MD5 checksum: 1612710 57561a7d212cadb23fe56e4e663d3274

http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-

21etch5_powerpc.deb

Size/MD5 checksum: 1448654 2fba5a0781f499ffed19e04f8d0ebb21

http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-

21etch5_powerpc.deb

Size/MD5 checksum: 1587794 c4054528cfcc1d159769002064633724

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-

21etch5_powerpc.deb

Size/MD5 checksum: 345594 68d046b496080fb1bf02f874b76a47c0

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-

21etch5_powerpc.deb

Size/MD5 checksum: 136982 f9736a4fe2dc18a6b48e64c08012204a

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-

21etch5_s390.deb

Size/MD5 checksum: 4132622 f4a24c252b0c631f9f167b17ccaee281

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-

21etch5_s390.deb

Size/MD5 checksum: 1740820 dc93f80715edf4824e0ab9132f2cec4c

http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-

21etch5_s390.deb

Size/MD5 checksum: 1566750 f62c4b61e2bdc5a04c4a5365af064313

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-

21etch5_s390.deb

Size/MD5 checksum: 130744 b5c7f27981f36b56d6a5c640514f3ee6

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-

21etch5_s390.deb

Size/MD5 checksum: 345526 048f84d8a5e196fedff3c96dcecfcedd

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-

21etch5_s390.deb

Size/MD5 checksum: 885218 bdd1fda7f1340585fd9884ace64f12c2

http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-

21etch5_s390.deb

Size/MD5 checksum: 1709994 54fd0c7a4ccaf8c739d77d1b4a2af64f

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-

21etch5_sparc.deb

Size/MD5 checksum: 346026 fa0865d3f1c20f78a8c7f8cf862a19c2

http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-

21etch5_sparc.deb

Size/MD5 checksum: 1524636 f1173aaf52f47a537cdf0d101d59118b

http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-

21etch5_sparc.deb

Size/MD5 checksum: 1392106 616401ab84a3aacfc160a1778905db3e

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-

21etch5_sparc.deb

Size/MD5 checksum: 1548902 df4d826882bc583849c18f956986f12b

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-

21etch5_sparc.deb

Size/MD5 checksum: 120070 20a1f9d22a7c91443e24a903e34c89ae

http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-

21etch5_sparc.deb

Size/MD5 checksum: 779658 fbe53553bbb53dabb36bdaabce4dfc17

http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-

21etch5_sparc.deb

Size/MD5 checksum: 3697696 266f42a55e01cca9a1cae85eaf35e67e

补丁安装方法:

1. 手工安装补丁包:

首先,使用下面的命令来下载补丁软件:

# wget url (url是补丁下载链接地址)

然后,使用下面的命令来安装补丁:

# dpkg -i file.deb (file是相应的补丁名)

2. 使用apt-get自动安装补丁包:

首先,使用下面的命令更新内部数据库:

# apt-get update

然后,使用下面的命令安装更新软件包:

# apt-get upgrade

RedHat

------

RedHat已经为此发布了一个安全公告(RHSA-2008:0504-01)以及相应补丁:

RHSA-2008:0504-01:Important: xorg-x11-server security update

链接:https://www.redhat.com/support/errata/RHSA-2008-0504.html

Sun

---

Sun已经为此发布了一个安全公告(Sun-Alert-238686)以及相应补丁:

Sun-Alert-238686:Multiple security vulnerabilities in the

Solaris X Server Extensions

may lead to a Denial of Service (DoS) condition or allow Execution of Arbitrary Code

链接:http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-238686-1

X.org

-----

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-

1.4-cve-2008-2362.diff

    • 评论
    • 分享微博
    • 分享邮件
    VIP专区
    邮件订阅

    如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。

    重磅专题
    往期文章
    最新文章

    业界热点:

    北京第二十六维信息技术有限公司(至顶网)版权所有. 京ICP备15039648号-7 京ICP证161336号 京公网安备 11010802021500号