IRIX 6.5.10m and libX11

[Michal Zalewski <lcamtuf () TPI PL>]

libX11 (Xlib) library shipped with IRIXes seems to be vulnerable to the
same vulnerability that affected XFree 3.3.6 some time ago (sun_path
sprintf()) - excessive local part in DISPLAY variable. On big endian
machines it would be generally more difficult to exploit it, because
one-byte fenceposts will affect high byte of every dword. We are limited
by a small subset of accepted characters. For more details, original post
can be found there:

          < http://www.securityfocus.com/archive/1/139436 >

Vendors were informed something around three weeks ago, but I have no
confirmation if it has been fixed yet.

--
_______________________________________________________
Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=--=> Did you know that clones never use mirrors? <=--=