Message-ID: <402B6B0B.8070108@qsc.de>
From: olaf.hahn at qsc.de (Olaf Hahn)
Subject: Buffer overflow in XFree86

On Feb-10-2004 iDefense released a security advisory regarding a 
buffer overflow in XFree86.
http://www.idefense.com/application/poi/display?id=72&type=vulnerabilities&flashstatus=false

According to this advisory, the affected versions are 4.1.0 to 4.3.0, and 
there's a description of how to reproduce the buffer overflow.

I've tried this (on a system running SuSE 8.2 and XFree86 version 4.2.0) 
but nothing happens except that a message appears:

 >Fatal server error:
 >Server is already active for display 0
 >        If this server is no longer running, remove /tmp/.X0-lock
 >        and start again.


 >When reporting a problem related to a server crash, please send
 >the full server output, not just the last messages.
 >Please report problems to http://www.suse.de/feedback.

Can somebody reproduce this buffer overflow, and under which conditions?

-- 


Kind regards 

Olaf Hahn 
Datennetzdienste/Security 
QSC AG 

Mathias-Brüggen-Str. 55 
50829 Köln 
Phone: +49 221 6698-443 
Fax: +49 221 6698-409 
E-Mail: olaf.hahn@....de
Internet: http://www.qsc.de

************************************
Being paranoid doesn't mean that 
there isn't someone standing behind you
************************************

