Date: Thu, 17 Aug 2000 16:51:49 -0700 From: "Crist J . Clark" <cjclark@reflexnet.net> To: freebsd-security@freebsd.org, security-officer@freebsd.org Subject: xlock Vulnerability Misrepresented at Bugtraq Message-ID: <20000817165149.A88516@149.211.6.64.reflexcom.com>
next in thread | raw e-mail | index | archive | help
I noticed this and sent an email to the original poster of the vulnerability, but no reply. If you go to, http://www.securityfocus.com/vdb/bottom.html?vid=1585 You will see this is listed as a FreeBSD vulnerability. It is not per se. 1) X is not part of FreeBSD. But FreeBSD distributes XFree86 with its CDs and from most FTP sites. 2) No xlock executable comes with the default XFree86 distribution for FreeBSD, package or port. 3) You need to install the 'xlockmore' to get the vulnerable xlock to which the original Bugtraq poster was refering. I think this needs to be straightened out: FreeBSD itself is not vulnerable. FreeBSD with the distributed XFree86 is not vulnerable. FreeBSD users are only vulnerable if you have aded the xlockmore port, other xlock tool, or a X distribution with a vulnerable xlock on your own. Am I right here? I can't find xlock on my FreeBSD machines anyway. Even the ones with XFree86. -- Crist J. Clark cjclark@alum.mit.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000817165149.A88516>