N/A

A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.

N/A

N/A

X.Org X Server 缓冲区错误漏洞

X.Org X Server是X.org基金会的一款X Window系统显示服务器。 X.Org X Server存在缓冲区错误漏洞，该漏洞源于攻击者通过XTestFakeInput请求发送长度大于32字节的GenericEvents，则XTest扩展的XTestFakeInput请求的交换处理程序可能会破坏堆栈导致X server运行权限的系统上的本地权限提升，并导致ssh X转发会话的远程代码执行。

N/A

N/A