Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 30 May 1997 18:59:45 -0500 (CDT)
From:      Vlad Roubtsov <roubtsov@alecto.physics.uiuc.edu>
To:        security@FreeBSD.ORG
Subject:   Re: X libraries
Message-ID:  <Pine.SGI.3.91.970530185439.14188B-100000@alecto.physics.uiuc.edu>
In-Reply-To: <199705301538.RAA08714@bitbox.follo.net>

next in thread | previous in thread | raw e-mail | index | archive | help


On Fri, 30 May 1997, Eivind Eklund wrote:

> 
> There is presently at least one hole in the X11 libraries (a buffer
>overflow) being passed around in hacker circles.  This buffer overrun
>makes it possible to exploit any setuid program for X11 (e.g. xterm)
>user set to; xterm (and others) give root.
>
	Somebody made a semi-systematic analysis of many X11 applications
and identified several vulnerable programs (xterm included) about a year
ago. The fact didn't draw much attention at the time... 

Vlad.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SGI.3.91.970530185439.14188B-100000>