Full Disclosure mailing list archives
Buffer overflow in XFree86
From: Olaf Hahn <olaf.hahn () qsc de>
Date: Thu, 12 Feb 2004 13:01:15 +0100
On Feb-10-2004 iDefense released a Security Advisory regarding a buffer overflow in XFree86.
http://www.idefense.com/application/poi/display?id=72&type=vulnerabilities&flashstatus=false
According to this advisory, affected versions are 4.1.0 to 4.3.0, and there's a description of how to reproduce the buffer overflow.
I've tried this (on a system running SuSE 8.2 and XFree86 version 4.2.0) but nothing happens except that a message appears:
>Fatal server error:
>Server is already active for display 0
> If this server is no longer running, remove /tmp/.X0-lock
> and start again.
>When reporting a problem related to a server crash, please send
>the full server output, not just the last messages.
>Please report problems to http://www.suse.de/feedback.

Can somebody reproduce this buffer overflow, and under which conditions?

--
Kind regards
Olaf Hahn
Datennetzdienste/Security
QSC AG
Mathias-Brüggen-Str. 55
50829 Köln
Phone: +49 221 6698-443
Fax: +49 221 6698-409
E-Mail: olaf.hahn () qsc de
Internet: http://www.qsc.de
************************************
Being paranoid doesn't mean that there isn't someone standing behind you after all
************************************
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html