Re: XFree86 Font Information File Buffer Overflow

From: Jacques A. Vidrine (nectarFreeBSD.org)
Date: Fri Feb 13 2004 - 10:37:32 CST


On Fri, Feb 13, 2004 at 09:25:01AM -0500, Barnes, John wrote:
> Has anyone seen this alert?
>
> http://www.securityfocus.com/archive/1/353352

See
<URL:http://www.vuxml.org/freebsd/3837f462-5d6b-11d8-80e3-0020ed76ef5a.html>
for information on the FreeBSD XFree86 package.

> It seems to work on Linux, but when I tried the proof of concept on
> 4.3.0,1 running 5.2 RELEASE, I couldn't get the X server to core dump
> or segmentation fault. So, it seems likely to me that FreeBSD is not
> vulnerable to this. Any other thoughts on this matter?

I cannot speculate as to why ``the proof of concept'' didn't work for
you. Likely an error in ``the proof of concept'', whatever it is.

All versions of XFree86 on all platforms are vulnerable. Furthermore,
it seems that many other X11R6-based servers are vulnerable, as the bug
goes way back. It is a very simple `strcpy' buffer overflow.

Cheers,
--
Jacques Vidrine / nectarcelabo.org / jvidrineverio.net / nectarfreebsd.org