From owner-freebsd-security  Wed Jul  1 00:23:16 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id AAA09307
          for freebsd-security-outgoing; Wed, 1 Jul 1998 00:23:16 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from Eleet.iele.polsl.gliwice.pl (michalk@eleet.iele.polsl.gliwice.pl [157.158.17.60])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA09300
          for <freebsd-security@FreeBSD.ORG>; Wed, 1 Jul 1998 00:23:08 -0700 (PDT)
          (envelope-from michalk@Eleet.iele.polsl.gliwice.pl)
Received: from localhost (michalk@localhost)
	by Eleet.iele.polsl.gliwice.pl (8.8.5/8.8.5) with SMTP id JAA10761
	for <freebsd-security@FreeBSD.ORG>; Wed, 1 Jul 1998 09:22:59 +0200
Date: Wed, 1 Jul 1998 09:22:58 +0200 (MET DST)
From: Michal Kopijasz <michalk@Eleet.iele.polsl.gliwice.pl>
To: freebsd-security@FreeBSD.ORG
Subject: Re: xlock
In-Reply-To: <19980629092005.33214@gil.physik.rwth-aachen.de>
Message-ID: <Pine.LNX.3.95.980701092105.10736C-100000@Eleet.iele.polsl.gliwice.pl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 29 Jun 1998, Christoph Kukulies wrote:

> On Mon, Jun 29, 1998 at 08:58:02AM +0200, Thomas Gellekum wrote:
> > Christoph Kukulies <kuku@gilberto.physik.RWTH-Aachen.DE> writes:
> > 
> > > Alarmed by recent buffer overflow attacks on Linux machines in
> > > my vicinity (an exploit for this is available) I thought about
> > > xlock under FreeBSD and would like to know whether the
> > > security hole has been sorted out under FreeBSD 2.2.x or what
> > > measures are advised to prevent it.
> > 
> > Could you tell more about this?
> 
>  /* x86 XLOCK overflow exploit
>       by cesaro@0wned.org 4/17/97
> 
>       Original exploit framework - lpr exploit
> 
>       Usage: make xlock-exploit
>              xlock-exploit  <optional_offset>
> 
>       Assumptions: xlock is suid root, and installed in /usr/X11/bin
>   */
> 
> [complete xploit can be sent on demand]

do You can send me?

thanks

Michal; ircNET: mkm ;icq:UIN 14202913; http://elf.univ.waw.pl/~znachor
traceroute to siemianowice.sl.pl   mailto: mordownia@50.ml.org
"Albo znajdziemy droge, albo ja zbudujemy" Hannibal


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message