MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
server
Recherche

Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years

mardi 29 octobre 2024, 23:00 , par Slashdot
Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years
Phoronix's Michael Larabel reports: CVE-2024-9632 was made public today as the latest security vulnerability affecting the X.Org Server. The CVE-2024-9632 security issue has been present in the codebase now for 18 years and can lead to local privilege escalation. Introduced in the X.Org Server 1.1.1 release back in 2006, CVE-2024-9632 affects the X.Org Server as well as XWayland too. By providing a modified bitmap to the X.Org Server, a heap-based buffer overflow privilege escalation can occur.

This security issue is within _XkbSetCompatMap() and stems from not updating the heap size properly and can lead to local privilege escalation if the server is run as root or as a remote code execution with X11 over SSH. You can read the security advisory announcement here.

Read more of this story at Slashdot.
Lire la suite sur Slashdot
https://it.slashdot.org/story/24/10/29/2029233/local-privilege-escalation-vulnerability-affecting-xo...

Voir aussi

server Heartbreaking photos reveal what beloved stuffed animals look like after years of love BoingBoing 9 Nov
org 20 Years Ago Today: 'Firefox Browser Takes on Microsoft' Slashdot 9 Nov
escalation Microsoft still not said anything about unexpected Windows Server 2025 installs TheRegister 8 Nov
privilege Europe's Largest Local Authority Slammed For 'Poorest' ERP Rollout Ever Slashdot 8 Nov
security Former SK hynix chip engineer gets 1.5 years in prison for IP theft TheRegister 8 Nov
local Europe's largest local authority slammed for 'poorest' ERP rollout ever TheRegister 8 Nov
cve- 764 Terror Network Member Richard Densmore Sentenced to 30 Years in Prison Wired: Tech. 7 Nov
years Apple is back in the server business ComputerWorld 7 Nov
vulnerability Killer app for AI is still years away, says industry analyst TheRegister 7 Nov
affecting Sysadmin Shock As Windows Server 2025 Installs Itself After Update Labeling Error Slashdot 7 Nov
lead Nearly Three Years Since Launch, Webb Is a Hit Among Astronomers Slashdot 7 Nov
issue Sysadmin shock as Windows Server 2025 installs itself after update labeling error TheRegister 6 Nov
read A Kansas pig butchering: CEO who defrauded bank, church, friends gets 24 years TheRegister 5 Nov
server Windows Server IoT 2025 released OS News 5 Nov
org New homeowners unfortunately discover what happened to previous owner who vanished 15 years ago BoingBoing 5 Nov
escalation Windows Server 2025 released OS News 4 Nov
privilege Buckle up, admins – Windows Server 2025 officially hits GA TheRegister 4 Nov
security A new SharePoint vulnerability is already being exploited ComputerWorld 4 Nov
local Why the long name? Okta discloses auth bypass bug affecting 52-character usernames TheRegister 4 Nov
cve- Indonesia Bans Google Pixel Phones Over Local Rules Slashdot 1 Nov
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
jeu. 21 nov. - 15:22 CET