From owner-freebsd-security  Mon Jun 29 00:30:01 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id AAA23119
          for freebsd-security-outgoing; Mon, 29 Jun 1998 00:30:01 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ghpc8.ihf.rwth-aachen.de (ghpc8.ihf.RWTH-Aachen.DE [134.130.90.8])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA23084
          for <freebsd-security@FreeBSD.ORG>; Mon, 29 Jun 1998 00:29:55 -0700 (PDT)
          (envelope-from tg@ghpc8.ihf.rwth-aachen.de)
Received: from ghpc6.ihf.rwth-aachen.de (ghpc6.ihf.rwth-aachen.de [134.130.90.6])
	by ghpc8.ihf.rwth-aachen.de (8.8.8/8.8.6) with ESMTP id JAA25546;
	Mon, 29 Jun 1998 09:29:49 +0200 (CEST)
Received: (from tg@localhost)
	by ghpc6.ihf.rwth-aachen.de (8.8.8/8.8.5) id JAA04551;
	Mon, 29 Jun 1998 09:29:47 +0200 (CEST)
To: Christoph Kukulies <kuku@gilberto.physik.RWTH-Aachen.DE>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: xlock
References: <199806290632.IAA00836@gilberto.physik.RWTH-Aachen.DE> <87btrcy9s5.fsf@ghpc6.ihf.rwth-aachen.de> <19980629092005.33214@gil.physik.rwth-aachen.de>
From: Thomas Gellekum <tg@ihf.rwth-aachen.de>
Date: 29 Jun 1998 09:29:47 +0200
In-Reply-To: Christoph Kukulies's message of "Mon, 29 Jun 1998 09:20:05 +0200"
Message-ID: <8790mgy8b8.fsf@ghpc6.ihf.rwth-aachen.de>
Lines: 31
X-Mailer: Gnus v5.5/XEmacs 20.4 - "Emerald"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Christoph Kukulies <kuku@gilberto.physik.RWTH-Aachen.DE> writes:

> On Mon, Jun 29, 1998 at 08:58:02AM +0200, Thomas Gellekum wrote:
> > Christoph Kukulies <kuku@gilberto.physik.RWTH-Aachen.DE> writes:
> > 
> > > Alarmed by recent buffer overflow attacks on Linux machines in
> > > my vicinity (an exploit for this is available) I thought about
> > > xlock under FreeBSD and would like to know whether the
> > > security hole has been sorted out under FreeBSD 2.2.x or what
> > > measures are advised to prevent it.
> > 
> > Could you tell more about this?
> 
>  /* x86 XLOCK overflow exploit
>       by cesaro@0wned.org 4/17/97
> 
>       Original exploit framework - lpr exploit
> 
>       Usage: make xlock-exploit
>              xlock-exploit  <optional_offset>
> 
>       Assumptions: xlock is suid root, and installed in /usr/X11/bin
>   */
> 
> [complete xploit can be sent on demand]

Please do. Desmond Bagley, the maintainer of xlockmore mentioned a
security hole in Mesa with suid binaries. I don't know if it's the
same problem.

tg

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message