BetaONE will rise again!


Reply
  #1  
Old 3rd May 06, 11:30 PM
NewsBot's Avatar
NewsBot NewsBot is offline
Senior Member
 
Join Date: Oct 2004
Posts: 30,940
NewsBot will become famous soon enough
Missing parenthesis causes 'critical' *nix flaw
An open-source security audit program funded by the U.S. Department of Homeland Security has flagged a critical vulnerability in the X Window System which is used in Unix and Linux systems. Coverity, the San Franciso-based company managing the project under a $1.25 million grant, described the flaw as the "biggest security vulnerability" found in the X Window System code since 2000.The X Window System, also called X11 or X, provides the toolkit and protocol to build GUIs for Unix and Unix-like operating systems.Coverity Chief Technical Officer Ben Chelf said the flaw resulted from a missing parenthesis on a small piece of the program that checked the ID of the user. It could be exploited to allow local users to execute code with root privileges, giving them the ability to overwrite system files or initiate denial-of-service attacks. The flaw was pinpointed during automated code scanning that formed part of the "Vulnerability Discovery and Remediation Open Source Hardening Project," a broad federal initiative to perform daily security audits of approximately 40 open-source software packages, including Linux, Apache, MySQL and Sendmail. The project will also pore over the code bases for FreeBSD, Mozilla, PostgreSQL and the GTK (GIMP Tool Kit) library.The flaw, which affects X11R6.9.0 and X11R7.0.0, was fixed within a week of its discovery, and Chelf said Coverity has implemented a system to analyze the X Window System on a continuous basis to help prevent new defects from entering the project. News source: eWeekRead full story...



News source: Full Story
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is On
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Apple iTunes Security Flaw Discovered NewsBot NeoWin News 0 18th Nov 05 09:00 PM
IE Flaw Puts Windows XP SP2 at Risk NewsBot NeoWin News 0 16th Sep 05 11:30 PM
Flaw Found in Adobe Acrobat NewsBot NeoWin News 0 6th Jul 05 09:00 PM
Critical Flaw found in Winamp 5.06 and earlier NewsBot NeoWin News 0 28th Nov 04 07:00 AM
Java flaw could lead to Windows, Linux attacks NewsBot NeoWin News 0 24th Nov 04 12:00 AM


All times are GMT +1. The time now is 10:16 AM.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.