Date:      Fri, 30 May 1997 17:38:02 +0200 (MET DST)
From:      Eivind Eklund <perhaps@yes.no>
To:        security@freebsd.org
Cc:        rich@freebsd.org
Subject:   X libraries
Message-ID:  <199705301538.RAA08714@bitbox.follo.net>


There is presently at least one hole in the X11 libraries (a buffer
overflow) being passed around in hacker circles.  This buffer overrun
makes it possible to exploit any setuid program for X11 (e.g. xterm)
user set to; xterm (and others) give root.

A temporary fix is to remove the setuid bit on all X11 executables;
the following statement will find them

> find /usr/X11R6 -perm -4000 -print

unless somebody has installed them in /usr/local/bin - hopefully not.

The following statement will remove the bits (untested) - and you
_will_ lose functionality on it:

> find /usr/X11R6 -perm -4000 -exec chmod u-s \{\} \;

This will _not_ remove group vulnerabilities.  Remember that running
an X-server locally is not required to be vulnerable; all non-patched
servers able to run xterm are vulnerable.

Hopefully XFree will provide replacement libraries soon; if not, I'll
try to do it, but I'm not presently equipped to compile new libraries
for all FreeBSD versions.  (The XFree liaison is Cc:'ed - can you
comment on this, Rich?)

Eivind.
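
The temporary fix from the message above, as an added example that is not part of the original post: it records which files carried the bits before clearing them, so they can be put back once patched libraries are installed. It goes beyond the message by also covering setgid files (the "group" case); the function names and the manifest format are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original message.
# Manifest format (assumed here): one "flag:path" line per file,
# where flag is u (setuid) or g (setgid).
# File names containing newlines are not handled.

# Print every regular file under DIR that has the setuid or setgid bit.
list_special_bits() {
    dir=$1
    find "$dir" -type f -perm -4000 -print | sed 's/^/u:/'
    find "$dir" -type f -perm -2000 -print | sed 's/^/g:/'
}

# Write the list to MANIFEST first, then clear exactly those bits.
# Usage: strip_special_bits /usr/X11R6 /root/x11-bits.manifest
strip_special_bits() {
    dir=$1
    manifest=$2
    list_special_bits "$dir" > "$manifest" || return 1
    while IFS=: read -r flag path; do
        chmod "${flag}-s" "$path" || return 1
    done < "$manifest"
}

# Put the recorded bits back from MANIFEST.
# Usage: restore_special_bits /root/x11-bits.manifest
restore_special_bits() {
    manifest=$1
    while IFS=: read -r flag path; do
        chmod "${flag}+s" "$path" || return 1
    done < "$manifest"
}
```

Keep the manifest outside the directory being scanned and readable only by root, since it is later used to re-grant privileges.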


