Vigil@nce - X.Org Server: information disclosure via XkbSetGeometry
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can read a memory fragment via XkbSetGeometry on
X.Org Server, in order to obtain sensitive information.
Impacted products: Debian, XOrg Bundle
Severity: 1/4
Creation date: 11/02/2015
DESCRIPTION OF THE VULNERABILITY
The XKB extension of the X11 protocol offers advanced features to
manage keyboards.
The XkbSetGeometry message defines physical properties of a
keyboard: size, shape, key color, doodads, etc.
However, if the client indicates large field sizes in
XkbSetGeometry, then the xkb/xkb.c file of the X11 server accepts
to copy too many data, and to return them to the user.
A local attacker can therefore read a memory fragment via
XkbSetGeometry on X.Org Server, in order to obtain sensitive
information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/X-Org-Server-information-disclosure-via-XkbSetGeometry-16168