Bugtraq mailing list archives
IRIX 6.5.10m and libX11
From: Michal Zalewski <lcamtuf () TPI PL>
Date: Tue, 19 Dec 2000 10:53:07 +0100
libX11 (Xlib) library shipped with IRIXes seems to be vulnerable to the same vulnerability that affected XFree 3.3.6 some time ago (sun_path sprintf()) - excessive local part in DISPLAY variable. On big endian machines it would be generally more difficult to exploit it, because one-byte fenceposts will affect high byte of every dword. We are limited by a small subset of accepted characters. For more details, original post can be found there: < http://www.securityfocus.com/archive/1/139436 > Vendors were informed something around three weeks ago, but I have no confirmation if it has been fixed yet. -- _______________________________________________________ Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security] [http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};: =--=> Did you know that clones never use mirrors? <=--=
Current thread:
- IRIX 6.5.10m and libX11 Michal Zalewski (Dec 19)