Original URL: http://www.theregister.co.uk/2006/05/03/x11/
Security researchers have discovered a critical vulnerability in the X Window System used on Unix and Linux systems. The buffer overflow vulnerability creates a means for hackers to seize root access to vulnerable systems or launch denial of service attacks. So it's just as well that patches are available.
The flaw stems from programming errors in the XRender extension's triangle-handling code, connected with a missing parenthesis. "This can be exploited by a client that is authorised to connect to the X server to cause a buffer overflow," security notification firm Secunia explains.
The error was unearthed using an automated code-scanning tool during an open-source security audit conducted by security firm Coverity and paid for by the US Department of Homeland Security. The vulnerability reportedly affects X11R6.8.x, X11R6.9.0, and X11R7.0 (xorg-server 1.0.x). More info and details of available patches can be found in Secunia's advisory here (http://secunia.com/advisories/19900). ®