Posted by Roman Fiedler on May 20

Hello list,

A missing length check in libX11 causes data from LookupColor
requests mess up the client-server communication protocol and
inject malicious X server requests. The flaw is comparable to
SQLi injecting commands into database connections granting an
attacker access to all features of the connection protocol.

Even with the flaw being embedded in the C-API/library, it can
be easily demonstrated with a simple PoC run in xterm [1]. On…
Read More – Full Disclosure


By |2021-05-21T06:20:28-04:00May 21st, 2021|