Message-ID: <402B6B0B.8070108@qsc.de>
From: olaf.hahn at qsc.de (Olaf Hahn)
Subject: Buffer overflow in XFree86
On Feb-10-2004 iDefense released a security advisory regarding a
buffer overflow in XFree86.
http://www.idefense.com/application/poi/display?id=72&type=vulnerabilities&flashstatus=false
According to this advisory, affected versions are 4.1.0 to 4.3.0, and
there's a description of how to reproduce the buffer overflow.
I've tried this (on a system running SuSE 8.2 and XFree86 version 4.2.0)
but nothing happens except that a message appears:
>Fatal server error:
>Server is already active for display 0
> If this server is no longer running, remove /tmp/.X0-lock
> and start again.
>When reporting a problem related to a server crash, please send
>the full server output, not just the last messages.
>Please report problems to http://www.suse.de/feedback.
Can somebody reproduce this buffer overflow, and under which conditions?
--
Best regards
Olaf Hahn
Data Network Services/Security
QSC AG
Mathias-Brüggen-Str. 55
50829 Köln
Phone: +49 221 6698-443
Fax: +49 221 6698-409
E-Mail: olaf.hahn@....de
Internet: http://www.qsc.de
************************************
Being paranoid doesn't mean that
there isn't someone standing behind you
************************************