CVE-2015-0255 - XkbSetGeometry could allow a malicious client to access server memory

  • 7016170
  • 10-Feb-2015
  • 10-Feb-2015

Environment


Novell Filr
Novell iPrint for Linux
Novell Open Enterprise Server 11 (OES 11) Linux
Novell ZENworks Configuration Management

Situation

Novell has been made aware of a vulnerability affecting the SUSE Linux Enterprise Server (SLES) operating system: 

The issue stems from the server trusting the client to send valid string lengths in the request data. A malicious client with string lengths exceeding the request length can cause the server to copy adjacent memory data into the XKB structs. This data is then available to the client via the XkbGetGeometry request. The data length is up to 64k, it is possible to obtain more data by chaining strings, each string length is then determined by whatever happens to be in that 16-bit region of memory.

This vulnerability exists in the X server component that is commonly shipped with all Linux distributions including SUSE Linux. The X server that ships with Novell products is not configured by default in a manner that would make it susceptible to a remote exploit of this vulnerability.

The following Novell products include the SUSE Linux operating system and may be vulnerable if the server is running an X server that is configured for remote access.
Novell Filr
Novell iPrint Appliance
Novell Open Enterprise Server
Novell ZENworks

Resolution

Novell recommends that you do not allow remote access to your X server. As this is the default configuration you only need to take action if you have configured your server in a manner that makes it remotely susceptible to this vulnerability.

Novell will incorporate the patch from SUSE in the next regularly scheduled maintenance release.