VULHUB ™

Accelerated-X, also known as Accel-X, is a popular commercial X server available from Xi Graphics. The servers are normally installed setuid root, and contain multiple buffer overflow vulnerabilities. These vulnerabilities were found in the passing of oversized command line arguments to the servers causing the stack to be overwritten and the flow of execution for the Xserver changed. Two of these vulnerabilities is known to be related to the -query argument and the DISPLAY environment variable, upon neither of which is bounds checking performed. The consequence of these vulnerabilities being exploited is local root compromise.

Accelerated-X, also known as Accel-X, is a popular commercial X server available from Xi Graphics. The servers are normally installed setuid root, and contain multiple buffer overflow vulnerabilities. These vulnerabilities were found in the passing of oversized command line arguments to the servers causing the stack to be overwritten and the flow of execution for the Xserver changed. Two of these vulnerabilities is known to be related to the -query argument and the DISPLAY environment variable, upon neither of which is bounds checking performed. The consequence of these vulnerabilities being exploited is local root compromise.