XFree86 Font Information File Buffer Overflow
Jacques A. Vidrine
nectar at FreeBSD.org
Fri Feb 13 08:37:33 PST 2004
On Fri, Feb 13, 2004 at 09:25:01AM -0500, Barnes, John wrote:
> Has anyone seen this alert?
>
> http://www.securityfocus.com/archive/1/353352

See
<URL:http://www.vuxml.org/freebsd/3837f462-5d6b-11d8-80e3-0020ed76ef5a.html>
for information on the FreeBSD XFree86 package.

> It seems to work on Linux, but when I tried the proof of concept on
> 4.3.0,1 running 5.2 RELEASE, I couldn't get the X server to core dump
> or segmentation fault. So, it seems likely to me that FreeBSD is not
> vulnerable to this. Any other thoughts on this matter?

I cannot speculate as to why ``the proof of concept'' didn't work for
you. Likely an error in ``the proof of concept'', whatever it is.

All versions of XFree86 on all platforms are vulnerable. Furthermore,
it seems that many other X11R6-based servers are vulnerable, as the bug
goes way back. It is a very simple `strcpy' buffer overflow.

Cheers,
--
Jacques Vidrine / nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org