Date:      Fri, 13 Feb 2004 10:37:32 -0600
From:      "Jacques A. Vidrine" <nectar@FreeBSD.org>
To:        "Barnes, John" <jbarnes@trusecure.com>
Cc:        "'freebsd-security@freebsd.org'" <freebsd-security@freebsd.org>
Subject:   Re: XFree86 Font Information File Buffer Overflow
Message-ID:  <20040213163732.GA73212@hellblazer.celabo.org>
In-Reply-To: <FD09D7556F7E344780385861F01AEBE2A0C403@exchange05.mscore.trusecure.net>
References:  <FD09D7556F7E344780385861F01AEBE2A0C403@exchange05.mscore.trusecure.net>

On Fri, Feb 13, 2004 at 09:25:01AM -0500, Barnes, John wrote:
> Has anyone seen this alert?
> 
> http://www.securityfocus.com/archive/1/353352

See
<URL:http://www.vuxml.org/freebsd/3837f462-5d6b-11d8-80e3-0020ed76ef5a.html>
for information on the FreeBSD XFree86 package.

> It seems to work on Linux, but when I tried the proof of concept on
> 4.3.0,1 running 5.2 RELEASE, I couldn't get the X server to core dump
> or segmentation fault.  So, it seems likely to me that FreeBSD is not
> vulnerable to this.   Any other thoughts on this matter?

I cannot speculate as to why ``the proof of concept'' didn't work for
you.  Likely an error in ``the proof of concept'', whatever it is.

All versions of XFree86 on all platforms are vulnerable.  Furthermore,
it seems that many other X11R6-based servers are vulnerable, as the bug
goes way back.  It is a very simple `strcpy' buffer overflow.

Cheers,
-- 
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org


