Has anyone seen this alert?

http://www.securityfocus.com/archive/1/353352

It seems to work on Linux, but when I tried the proof of concept on 4.3.0,1 running 5.2 RELEASE, I couldn't get the X server to core dump or segmentation fault. So, it seems likely to me that FreeBSD is not vulnerable to this. Any other thoughts on this matter?

John Barnes
TruSecure

***********************************************************************
This message is intended only for the use of the intended recipient and may contain information that is PRIVILEGED and/or CONFIDENTIAL. If you are not the intended recipient, you are hereby notified that any use, dissemination, disclosure or copying of this communication is strictly prohibited. If you have received this communication in error, please destroy all copies of this message and its attachments and notify us immediately.
***********************************************************************

On Fri, Feb 13, 2004 at 09:25:01AM -0500, Barnes, John wrote:
> Has anyone seen this alert?
>
> http://www.securityfocus.com/archive/1/353352

See <URL:http://www.vuxml.org/freebsd/3837f462-5d6b-11d8-80e3-0020ed76ef5a.html> for information on the FreeBSD XFree86 package.

> It seems to work on Linux, but when I tried the proof of concept on
> 4.3.0,1 running 5.2 RELEASE, I couldn't get the X server to core dump
> or segmentation fault. So, it seems likely to me that FreeBSD is not
> vulnerable to this. Any other thoughts on this matter?

I cannot speculate as to why ``the proof of concept'' didn't work for you. Likely an error in ``the proof of concept'', whatever it is.

All versions of XFree86 on all platforms are vulnerable. Furthermore, it seems that many other X11R6-based servers are vulnerable, as the bug goes way back. It is a very simple `strcpy' buffer overflow.

Cheers,
--
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org

I misread a '1' for an 'l' on the exploit. X blows up quite handily now.

John

-----Original Message-----
From: owner-freebsd-security@freebsd.org [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Barnes, John
Sent: Friday, February 13, 2004 9:25 AM
To: 'freebsd-security@freebsd.org'
Subject: XFree86 Font Information File Buffer Overflow

Has anyone seen this alert?

http://www.securityfocus.com/archive/1/353352

It seems to work on Linux, but when I tried the proof of concept on 4.3.0,1 running 5.2 RELEASE, I couldn't get the X server to core dump or segmentation fault. So, it seems likely to me that FreeBSD is not vulnerable to this. Any other thoughts on this matter?

John Barnes
TruSecure