Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 13 Feb 2004 13:43:59 -0500
From:      "Barnes, John" <jbarnes@trusecure.com>
To:        "'freebsd-security@freebsd.org'" <freebsd-security@freebsd.org>
Subject:   RE: XFree86 Font Information File Buffer Overflow
Message-ID:  <FD09D7556F7E344780385861F01AEBE2A0C40A@exchange05.mscore.trusecure.net>

next in thread | raw e-mail | index | archive | help
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I misread a '1' for an 'l' on the exploit.  X blows up quite handily
now.

John

- -----Original Message-----
From: owner-freebsd-security@freebsd.org
[mailto:owner-freebsd-security@freebsd.org]On Behalf Of Barnes, John
Sent: Friday, February 13, 2004 9:25 AM
To: 'freebsd-security@freebsd.org'
Subject: XFree86 Font Information File Buffer Overflow


 

Has anyone see this alert?

http://www.securityfocus.com/archive/1/353352

It seems to work on Linux, but when I tried the proof of concept on
4.3.0,1 running 5.2 RELEASE, I couldn't get the X server to core dump
or segmentation fault.  So, it seems likely to me that FreeBSD is not
vulnerable to this.   Any other thoughts on this matter?

John Barnes
TruSecure




-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQC0a75uhTuCp6UG8EQKR1QCfZ7yY/aLPpEwaTUzfkHTx/4XLMHwAn1ZS
wcYsrNt8WybW2w5wY0I/YUvr
=+Jwe
-----END PGP SIGNATURE-----

***********************************************************************
This message is intended only for the use of the intended recipient and
may contain information that is PRIVILEGED and/or CONFIDENTIAL.  If you
are not the intended recipient, you are hereby notified that any use,
dissemination, disclosure or copying of this communication is strictly
prohibited.  If you have received this communication in error, please
destroy all copies of this message and its attachments and notify us
immediately.
***********************************************************************



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?FD09D7556F7E344780385861F01AEBE2A0C40A>