[Full-Disclosure] Buffer overflow in XFree86
- To: full-disclosure@lists.netsys.com
- Subject: [Full-Disclosure] Buffer overflow in XFree86
- From: Olaf Hahn <olaf.hahn@qsc.de>
- Date: Thu, 12 Feb 2004 13:01:15 +0100
On Feb-10-2004 iDefense released a security advisory regarding a
buffer overflow in XFree86.
http://www.idefense.com/application/poi/display?id=72&type=vulnerabilities&flashstatus=false
According to this advisory, affected versions are 4.1.0 to 4.3.0, and
there's a description of how to reproduce the buffer overflow.
I've tried this (on a system running SuSE 8.2 and XFree86 version 4.2.0)
but nothing happens except that a message appears:
>Fatal server error:
>Server is already active for display 0
> If this server is no longer running, remove /tmp/.X0-lock
> and start again.
>When reporting a problem related to a server crash, please send
>the full server output, not just the last messages.
>Please report problems to http://www.suse.de/feedback.
Can somebody reproduce this buffer overflow, and under which conditions?
--
Kind regards
Olaf Hahn
Datennetzdienste/Security
QSC AG
Mathias-Brüggen-Str. 55
50829 Köln
Phone: +49 221 6698-443
Fax: +49 221 6698-409
E-Mail: olaf.hahn@qsc.de
Internet: http://www.qsc.de
************************************
Being paranoid doesn't mean that
there isn't someone standing behind you
************************************
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html