From owner-freebsd-security Fri May 30 08:38:37 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id IAA21146 for security-outgoing; Fri, 30 May 1997 08:38:37 -0700 (PDT)
Received: from bitbox.follo.net (bitbox.follo.net [194.198.43.36]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA21131; Fri, 30 May 1997 08:38:22 -0700 (PDT)
Received: (from eivind@localhost) by bitbox.follo.net (8.7.6/8.7.3) id RAA08714; Fri, 30 May 1997 17:38:02 +0200 (MET DST)
Date: Fri, 30 May 1997 17:38:02 +0200 (MET DST)
Message-Id: <199705301538.RAA08714@bitbox.follo.net>
From: Eivind Eklund
To: security@freebsd.org
Subject: X libraries
Cc: rich@freebsd.org
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

There is presently at least one hole in the X11 libraries (a buffer overflow) being passed around in hacker circles. This buffer overrun makes it possible to exploit any setuid program for X11 (e.g. xterm) user set to; xterm (and others) give root.

A temporary fix is to remove the setuid bit on all X11 executables; the following statement will find them

> find /usr/X11R6 -perm -4000 -print

unless somebody has installed them in /usr/local/bin - hopefully not.

The following statement will remove the bits (untested) - and you _will_ lose functionality on it:

> find /usr/X11R6 -perm -4000 -exec chmod u-s \{\} \;

This will _not_ remove group vulnerabilities.

Remember that running an X-server locally is not required to be vulnerable; all non-patched servers able to run xterm are vulnerable.

Hopefully XFree will provide replacement libraries soon; if not, I'll try to do it, but I'm not presently equipped to compile new libraries for all FreeBSD versions. (The XFree liaison is Cc:'ed - can you comment on this, Rich?)

Eivind.
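The temporary fix described in the message, as an added example that is not part of the original post: it records which files carried the bits before clearing them, so they can be put back once patched libraries are installed, and it goes beyond the message's commands by also covering setgid files. The function names and the record-file format are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Function names and the
# "bit<TAB>path" record format are hypothetical. Assumes file names contain
# no newline characters.

# list_special ROOT
# Print one "u+s<TAB>path" or "g+s<TAB>path" line for every regular file
# under ROOT that carries the setuid (4000) or setgid (2000) bit.
list_special() {
    find "$1" -type f -perm -4000 -exec printf 'u+s\t%s\n' {} \;
    find "$1" -type f -perm -2000 -exec printf 'g+s\t%s\n' {} \;
}

# strip_special ROOT RECORD
# Save the current list to RECORD first, then clear exactly the bits that
# were recorded. RECORD should live outside ROOT and be writable only by root.
strip_special() {
    list_special "$1" > "$2" || return 1
    while IFS="$(printf '\t')" read -r bit path; do
        # "u+s" becomes "u-s", "g+s" becomes "g-s"
        chmod "${bit%+s}-s" "$path" || return 1
    done < "$2"
}

# restore_special RECORD
# Re-apply the recorded bits after the vulnerable libraries are replaced.
restore_special() {
    while IFS="$(printf '\t')" read -r bit path; do
        chmod "$bit" "$path" || return 1
    done < "$1"
}

# Typical use as root (the record path is a placeholder):
#   list_special  /usr/X11R6                      # review first
#   strip_special /usr/X11R6 /root/x11-bits.txt   # clear setuid and setgid
#   restore_special /root/x11-bits.txt            # after patching
```

Review the output of `list_special` before stripping, and run it against `/usr/local/bin` as well if X11 programs may have been installed there.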