Date: Tue, 15 Apr 1997 18:25:24 +0100 From: David Hedley <hedley@cs.bris.ac.uk> To: freebsd-security@freebsd.org Subject: xlock problem Message-ID: <2394.861125124@maxx>
next in thread | raw e-mail | index | archive | help
Hi there, Just a quick note to say that you should upgrade the version of xlock you are distributing with 2.2.1 and 2.1.7 to xlockmore-4.01 as previous versions have several exploitable buffer overflows which allow root access. To see if you are vulnerable do the following: xlock -name xxxxxxxxxxx << insert at least 1000 x's here) If xlock segmentation faults, then it is vulnerable. To fix, chmod u-s /usr/X11R6/bin/xlock and download and install version 4.01 (available from ftp.x.org:/contrib) Cheers, David -- David Hedley (hedley@cs.bris.ac.uk) finger hedley@cs.bris.ac.uk for PGP key Computer Graphics Group | University of Bristol | UK
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2394.861125124>