May 3, 2006

Coverity Catches X Window Security Hole

Sharon Smith writes "Research contract from US Department of Homeland Security results in rapid fix to “worst case scenario” security vulnerability in critical software system

SAN FRANCISCO, May 2, 2006 – Coverity, Inc., makers of the world’s most advanced and scalable source code analysis solution, today announced that as a result of their contract with US Department of Homeland Security (DHS), the biggest X Window System security vulnerability of the last six years was identified and fixed.

Using Coverity Prevent, developers tracked down a critical security vulnerability in the X Window System, a graphical interface used in millions of computers, including most UNIX and Linux systems. The X Window System also ships as an optional GUI with Macintosh computers from Apple.

According to Daniel Stone, a release manager for the X.Org Foundation, the vulnerability was one of the most significant vulnerabilities discovered in recent memory, “something that we find once every three to six years and is very close to X’s worst case scenarios in terms of security. Coverity exposed vulnerabilities in our code that likely wouldn't have been spotted with human eyes. Its attention to subtle detail throughout the entire codebase – even parts you wouldn't normally examine manually – makes it a very valuable tool in checking your codebase, and has been of definite benefit to X.Org.”

The vulnerability was found in versions X11R6.9.0 and X11R7.0.0 during a security analysis of 31 major open source projects that Coverity undertook as part of a DHS initiative. This pair of X Window System versions marked a major milestone when released in December of 2005, as they were the first major updates to the X Window System in more than a decade. After the X.Org development team received the results of the analysis, the vulnerability was fixed within a week. The security hole resulted from a missing parenthesis on a small piece of the program that checked the ID of the user. This flaw, caused by something as seemingly harmless as a missing closing parenthesis, allowed local users to execute code with root privileges, giving them the ability to overwrite system files or initiate denial of service attacks.

“Coverity Prevent is designed to help computer programmers automatically detect and remove software defects such as security vulnerabilities as the software is being built,” said Ben Chelf, CTO of Coverity. “We’ve implemented a system to analyze the X Window System on a continuous basis to help prevent new defects from entering into the project. In my experience, the X.Org team responded to defects extremely quickly to make their high quality software even better.”


About Coverity
Coverity (, makers of the world's most advanced and scalable source code analysis solution for pinpointing software defects and security vulnerabilities, is a privately-held company headquartered in San Francisco. Coverity was founded in 2002 by leading Stanford University computer scientists whose four-year research project resulted in a breakthrough technique to address the costliest problem in the software industry. That research breakthrough allows developers to quickly and precisely eliminate software defects and security vulnerabilities in tens of millions of lines of new or legacy code. Today, Coverity's solution is used by more than 100 leading companies to significantly improve the quality and security of their software, including Juniper Networks, Symantec/VERITAS, McAfee, Synopsys, NASA, PalmOne, Sun Microsystems and Wind River.

Coverity is a registered trademark, and Coverity Extend and Coverity Prevent are trademarks of Coverity, Inc. All other company and product names are the property of their respective owners.

Media Contacts
Craig Oda
Page One PR for Coverity
+1 650 565 9800 x102

Russ Wood
Director, Corporate Marketing
+1 415 694 5304"


Click Here!