Feeds

X-windows remote DoS with big fonts

Mozilla implicated

  • alert
  • submit to reddit

Next gen security for virtualised datacentres

X-windows, with or without the font server (XFS) running can be crashed remotely via Mozilla when fonts are set to an unnaturally large size with CSS (Cascading Style Sheets), Tom Vogt of Lemuria.org has reported.

An X bug allows all available memory to be consumed, which causes the system to freeze. The behavior can be duplicated with applications like the Gimp, we're told, but these aren't remotely exploitable. But with Mozilla, a pest can easily set up a malicious Web site which will crash unsuspecting Tuxers' boxen and cause any unsaved data in open apps to go away.

I've confirmed it on Mozilla 0.9.4 with XFree86 4.2.0. It takes all of three seconds to immobilize a machine, and I was unable to kill X or reboot from the keyboard. It affects all known versions of Mozilla, numerous platforms, and is not limited to XF86.

If you wish to give it a go, simply paste this URL http://www.adeliesolutions.com/Projects/ into your Mozilla address bar and enjoy the show. Do make certain that you have no unsaved work, because in most cases a cold-boot is all that will bring the system back under control. Some experimenters have reported different effects, depending on the system configuration and combination of kernel and X versions, but most have met with complete immobilization.

Mozilla has opened a bug report here and work is being done, presumably to limit font sizes. However, Mozilla is merely a vector; the core problem lies somewhere in the way X handles outrageously large fonts. But we're optimistic; it shouldn't require too much rocket science to patch it so that it generates an error instead of attempting the impossible. ®

Related Link

the Lemuria advisory

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.