From owner-freebsd-security Fri May 30 17:01:41 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id RAA17257 for security-outgoing; Fri, 30 May 1997 17:01:41 -0700 (PDT) Received: from mx1.cso.uiuc.edu (mx1.cso.uiuc.edu [128.174.5.37]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id RAA17249 for ; Fri, 30 May 1997 17:01:39 -0700 (PDT) Received: from alecto.physics.uiuc.edu (alecto.physics.uiuc.edu [128.174.83.167]) by mx1.cso.uiuc.edu (8.8.5/8.8.5) with SMTP id TAA26962 for <@mailhost.uiuc.edu:security@FreeBSD.ORG>; Fri, 30 May 1997 19:01:38 -0500 (CDT) Received: by alecto.physics.uiuc.edu (940816.SGI.8.6.9/940406.SGI) id SAA15102; Fri, 30 May 1997 18:59:46 -0500 Date: Fri, 30 May 1997 18:59:45 -0500 (CDT) From: Vlad Roubtsov To: security@FreeBSD.ORG Subject: Re: X libraries In-Reply-To: <199705301538.RAA08714@bitbox.follo.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Fri, 30 May 1997, Eivind Eklund wrote: > > There is presently at least one hole in the X11 libraries (a buffer >overflow) being passed around in hacker circles. This buffer overrun >makes it possible to exploit any setuid program for X11 (e.g. xterm) >user set to; xterm (and others) give root. > Somebody made a semi-systematic analysis of many X11 applications and identified several vulnerable programs (xterm included) about a year ago. The fact didn't draw much attention at the time... Vlad.