"The attack allows a (unpriviliged) user process that has access to the X server (so, any GUI application) to unconditionally escalate to root (but again, it doesn't take advantage of any bug in the X server!).
"In other words: any GUI application (think e.g. sandboxed PDF viewer), if compromised (e.g. via malicious PDF document) can bypass all the Linux fancy security mechanisms, and escalate to root, and compromise the whole system," Ms. Rutkowska explains in a post on the company's blog.
The attack and the vulnerability are described in more detail in a paper (PDF) entitled "Exploiting large memory management vulnerabilities in Xorg server running on Linux," authored by Rafal Wojtczuk and published yesterday.
The flaw affects both x86_32 and x86_64 platforms and was reported to the X.org security team on 17 June 2010.
5 godina mator exploit... U principu ovo bi moglo da se odradi preko bilo koje aplikacije ne samo malicioznog pdf-a ali se na ovom primeru dokazala ranjivost.
Kad ce vise taj rootless X :(