Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Buffer overflow in XFree86

From: Olaf Hahn <olaf.hahn () qsc de>
Date: Thu, 12 Feb 2004 13:01:15 +0100
At Feb-10-2004 iDefense has released a Security Advisory regarding to an buffer overflow in XFree86. 
http://www.idefense.com/application/poi/display?id=72&type=vulnerabilities&flashstatus=false
According to this advisory affected versions are 4.1.0 to 4.3.0 and there´s an description how to reproduce the buffer overflow.
I´ve tried this (on a system running SuSe 8.2 and XFree86 version 4.2.0) but nothing happens unless a message appears 

>Fatal server error:
>Server is already active for display 0
>        If this server is no longer running, remove /tmp/.X0-lock
>        and start again.


>When reporting a problem related to a server crash, please send
>the full server output, not just the last messages.
>Please report problems to http://www.suse.de/feedback.

Can somebody reproduce this buffer overflow and under which conditions ?

--
Mit freundlichen Grüssen Olaf Hahn Datennetzdienste/Security QSC AG Mathias-Brüggen-Str. 55 50829 Köln Phone: +49 221 6698-443 Fax: +49 221 6698-409 E-Mail: olaf.hahn () qsc de 
Internet: http://www.qsc.de

************************************
Paranoid zu sein heisst nicht, dass nicht doch jemand hinter einem steht 
************************************

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: