Subject: Re: another Xlib buffer overflow
From: Cy Schubert - ITSD Open Systems Group (Cy.SchubertUUMAIL.GOV.BC.CA)
Date: Mon Oct 16 2000 - 07:01:34 CDT


In message <14823.32893.941728.85487laas.fr>, Matthieu Herrb writes:
> You wrote (in your message from Friday 13)
> >
> > Vulnerable object: XFree 3.3.x Xlib (no data on 4.0.x); no mention of fix
> > in "security issues" page at www.xfree86.org.
> >
>
> It was fixed in XFree86 4.0. From the CHANGELOG:
>
> XFree86 3.9Nu (13 January 1999)
> [...]
> 2141. Fix some sun_path overflows in xtrans.

It doesn't appear to be fixed in 3.3.6:

cwsys$ DISPLAY=:`perl -e '{print "0"x128}'` xterm
Segmentation fault
cwsys$

Exploit anyone?

Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Team Leader, Sun/DEC Team Internet: Cy.Schubertosg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC
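
The CHANGELOG entry quoted above refers to sun_path overflows, and the test in the message feeds a 128-character display number through DISPLAY. As an added example (not XFree86 or xtrans code, and not part of the original message), this is one way to build the UNIX-domain socket address with an explicit bound. The helper name build_x_sockaddr and the digits-only rule are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Conventional X11 local-socket prefix; the display number is appended. */
#define X_UNIX_PREFIX "/tmp/.X11-unix/X"

/*
 * Hypothetical helper (illustration only). Fills addr with the socket path
 * for display number `port`, the text after ':' in DISPLAY.
 * Returns 0 on success, -1 if the input is empty, not all digits, or too
 * long for sun_path (roughly 100 bytes on common systems).
 */
int build_x_sockaddr(const char *port, struct sockaddr_un *addr)
{
    size_t i, len;
    int n;

    if (port == NULL || addr == NULL || (len = strlen(port)) == 0)
        return -1;
    for (i = 0; i < len; i++)          /* assumption: digits only */
        if (port[i] < '0' || port[i] > '9')
            return -1;

    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;

    /* snprintf stays inside the buffer and returns the length it needed,
     * so an over-long name is detected instead of silently truncated. */
    n = snprintf(addr->sun_path, sizeof(addr->sun_path), "%s%s",
                 X_UNIX_PREFIX, port);
    if (n < 0 || (size_t)n >= sizeof(addr->sun_path)) {
        addr->sun_path[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    struct sockaddr_un a;
    char big[129];
    int rc;

    memset(big, '0', 128);             /* constructed input: 128 zeros */
    big[128] = '\0';

    rc = build_x_sockaddr("0", &a);
    printf("display 0      -> %d (%s)\n", rc, a.sun_path);
    rc = build_x_sockaddr(big, &a);
    printf("128-char input -> %d\n", rc);
    return 0;
}
```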