Bugtraq mailing list archives

Re: Vulnerability in the Xt library

From: zehl () informatik tu-muenchen de (Stefan `Sec` Zehl)
Date: Mon, 26 Aug 1996 01:07:45 +0200


Aleph One wrote:


There exists at least one vulnerability in the Xt library caused by a buffer
overrun that allows arbitrary code to be executed.

I can confirm this for FreeBSD-Current 2.2
but i can NOT confirm this for FreeBSD 2.1-Release...

after all this is a pretty severe BUG, and the only way (i can see) to patch
it is to get a new libXt... :(

CU,
        Sec
--
Email: sec () leo org or sec () matrix muc de      WWW: http://www.blafasel.de/~sec/
   Phone: 089/3618013 or 0177/2340515                IRC: Sec @ #blafasel
Hi! I'm a .signature virus!  Add me to your .signature and join in the fun!

Current thread:

BUG in /bin/bash Seven Up (Aug 22)
- <Possible follow-ups>
- Re: BUG in /bin/bash Red Barchetta (Aug 22)
  - Re: BUG in /bin/bash The Ghost who Admins (Aug 22)
  - Re: BUG in /bin/bash Digital Dreamer (Aug 22)
  - Re: BUG in /bin/bash Earle Ake (Aug 22)
  - IE 3.0? InterAccess Support Manager (Aug 22)
    - Re: IE 3.0? Dave Andersen (Aug 23)
    - More on the UnixWare problem Todd Vierling (Aug 23)
    - resolv+ and finger... C. Hodges (Aug 23)
    - Vulnerability in the Xt library Aleph One (Aug 24)
    - Re: Vulnerability in the Xt library Stefan `Sec` Zehl (Aug 25)
    - Re: Vulnerability in the Xt library Mike Neuman (Aug 27)
    - Re: Vulnerability in the Xt library Casper Dik (Aug 28)
    - Re: Vulnerability in the Xt library Mike Neuman (Aug 28)
    - RFD: libsuid VaX#n8 (Aug 24)
    - More on UnixWare 2.x vulnerability Todd Vierling (Aug 24)
    - Re: (WORKAROUND) More on UnixWare 2.x vulnerability Hannu Laurila (Aug 24)
    - polyglots (multi-language programs) John Nemeth (Aug 24)
  - Re: BUG in /bin/bash Arthur Hyun (Aug 22)
  - Re: BUG in /bin/bash Brian Clapper (Aug 23)