*nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 2 of 2

JFrog Blog – Yair Mizrahi
JFrog discovered two vulnerabilities in the popular X.Org libX11 graphics library:
CVE-2023-43786 – Denial of Service
CVE-2023-43787 – Remote Code Execution
CVE-2023-43787 allows attackers to achieve remote code execution by supplying a malformed XPM image that triggers a heap overflow in the vulnerable XCreateImage function.
The vulnerability can be triggered by any application that uses libXPM to parse externally supplied XPM images.
A simple proof of concept uses the sxpm CLI utility.
The article provides an in-depth analysis of the vulnerability and walks through multiple exploitation primitives, such as overwriting function pointers and write-what-where primitives.
JFrog confirmed that the JFrog Platform products are not vulnerable to these issues.
The Contextual Analysis capability in JFrog Xray can automatically detect if these vulnerabilities are applicable.
JFrog’s security research plays an important role in enhancing JFrog Xray’s vulnerability database, scanning capabilities, and remediation advice to improve customers’ security posture.
Link: https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two

