Biggest X Window Security Hole Fixed Since 2000

Coverity says that, as a result of its contract with the Department of Homeland Security, it helped identify and fix the biggest X Window System security vulnerability in the last six years.

Coverity Inc. recently announced that, as a result of its contract with the U.S. Department of Homeland Security (DHS), the biggest X Window System security vulnerability of the last six years was identified and fixed.

Using Coverity Prevent, developers tracked down a critical security vulnerability in the X Window System, a graphical interface used in millions of computers, including most UNIX and Linux systems. The X Window System also ships as an optional GUI with Macintosh computers from Apple.

The vulnerability was found in versions X11R6.9.0 and X11R7.0.0 during a security analysis of 31 major open source projects that Coverity undertook as part of a DHS initiative. This pair of X Window System versions marked a major milestone when released in December 2005, as they were the first major updates to the X Window System in more than a decade. After the X.Org development team received the results of the analysis, the vulnerability was fixed within a week.

The security hole resulted from a missing parenthesis in a small piece of the program that checked the ID of the user. This flaw, caused by something as seemingly harmless as a missing closing parenthesis, allowed local users to execute code with root privileges, giving them the ability to overwrite system files or initiate denial-of-service attacks.
