Biggest X Window security hole since 2000

Coverity, Inc. announced that, as a result of its contract with the US Department of Homeland Security (DHS), the biggest X Window System security vulnerability of the last six years was identified and fixed.

Using Coverity Prevent, developers tracked down a critical security vulnerability in the X Window System, a graphical interface used in millions of computers, including most UNIX and Linux systems. The X Window System also ships as an optional GUI with Macintosh computers from Apple.

The vulnerability was found in versions X11R6.9.0 and X11R7.0.0 during a security analysis of 31 major open source projects that Coverity undertook as part of a DHS initiative. This pair of X Window System versions marked a major milestone when released in December of 2005, as they were the first major updates to the X Window System in more than a decade. After the X.Org development team received the results of the analysis, the vulnerability was fixed within a week. The security hole resulted from a missing parenthesis in a small piece of the program that checked the ID of the user. This flaw, caused by something as seemingly harmless as a missing closing parenthesis, allowed local users to execute code with root privileges, giving them the ability to overwrite system files or initiate denial of service attacks.
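The class of defect described above can be shown in a few lines of C. This is an added example, not X.Org source code and not taken from the announcement: the function names, the stand-in ID functions and the exact shape of the condition are assumptions chosen to illustrate how a user ID check with missing call parentheses compares a function's address instead of its result.

```c
#include <stdio.h>
#include <sys/types.h>

/* Constructed stand-ins for getuid()/geteuid() so the check can be run
 * with chosen IDs; all names here are hypothetical. */
static uid_t fake_uid, fake_euid;
static uid_t my_getuid(void)  { return fake_uid; }
static uid_t my_geteuid(void) { return fake_euid; }
static void set_ids(uid_t uid, uid_t euid) { fake_uid = uid; fake_euid = euid; }

/* Keep the build quiet: GCC (-Waddress, part of -Wall) and Clang warn
 * about the flawed line below. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Waddress"
/* Flawed: my_geteuid has no "()", so the function's address (never 0) is
 * compared instead of its return value and the check always passes. */
static int id_check_flawed(void)
{
    return my_getuid() == 0 || my_geteuid != 0;
}
#pragma GCC diagnostic pop

/* Fixed: passes only for real root, or when not running with euid 0. */
static int id_check_fixed(void)
{
    return my_getuid() == 0 || my_geteuid() != 0;
}

int main(void)
{
    set_ids(1000, 0);   /* ordinary user running a setuid-root binary */
    printf("flawed=%d fixed=%d\n", id_check_flawed(), id_check_fixed());
    set_ids(0, 0);      /* real root */
    printf("flawed=%d fixed=%d\n", id_check_flawed(), id_check_fixed());
    return 0;
}
```

Both versions compile cleanly as valid C, which is why this kind of defect survives review and is a natural target for static analysis.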

“Coverity Prevent is designed to help computer programmers automatically detect and remove software defects such as security vulnerabilities as the software is being built,” said Ben Chelf, CTO of Coverity. “We’ve implemented a system to analyze the X Window System on a continuous basis to help prevent new defects from entering into the project. In my experience, the X.Org team responded to defects extremely quickly to make their high quality software even better.”