- Home
- CVEs with nessus.description==Alan Coopersmith reports :
Ilja van Sprundel, a security researcher with IOActive, has discovered
a large number of issues in the way the X server code base handles
requests from X clients, and has worked with X.Org's security team to
analyze, confirm, and fix these issues.
The vulnerabilities could be exploited to cause the X server to access
uninitialized memory or overwrite arbitrary memory in the X server
process. This can cause a denial of service (e.g., an X server
segmentation fault), or could be exploited to achieve arbitrary code
execution.
The GLX extension to the X Window System allows an X client to send X
protocol to the X server, to request that the X server perform OpenGL
rendering on behalf of the X client. This is known as 'GLX indirect
rendering', as opposed to 'GLX direct rendering' where the X client
submits OpenGL rendering commands directly to the GPU, bypassing the X
server and avoiding the X server code for GLX protocol handling.
Most GLX indirect rendering implementations share some common
ancestry, dating back to 'Sample Implementation' code from Silicon
Graphics, Inc (SGI), which SGI originally commercially licensed to
other Unix workstation and graphics vendors, and later released as
open source, so those vulnerabilities may affect other licensees of
SGI's code base beyond those running code from the X.Org Foundation or
the XFree86 Project.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top