Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Overflow in xlock

From: troy () AUSTIN IBM COM (Bollinger)
Date: Sun, 27 Apr 1997 09:30:53 -0500

-----BEGIN PGP SIGNED MESSAGE-----

George Staikos wrote:


There appears to be an exploitable buffer overflow in xlock, the X based
screensaver/locker.  Xlock is installed suid root on machines with
shadowed passwords.  I have verified this on xlock versions on AIX 4.x


There's a temporary fix for the AIX v4 xlock available for anonymous ftp
from testcase.software.ibm.com:/aix/fromibm/xlock.overflow_fix.aix4.Z.

Checksums:

sum              01445    73 xlock.overflow_fix.aix4
sum -i           41749    73 xlock.overflow_fix.aix4
sum -o           14725    73 xlock.overflow_fix.aix4

MD5 (xlock.overflow_fix.aix4) = e5e679a73b5a28ef471751bfee67d00c


Official APARs are in progress and will be available shortly.

If there are any questions regarding this fix or any other AIX security
bug, please contact security-alert () austin ibm com.  Sensitive
information can be encrypted using the AIX Security PGP key.  To
retrieve this key send email with a subject of "get key" to
security-alert () austin ibm com.

- --
+----------------  I do not speak for IBM!  ------------------+
|Troy Bollinger             |      email:  troy () austin ibm com|
|AIX Security Development   | Sometimes the old ways are best.|
+-------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: 2.7.1

iQCVAwUBM2NjHQsPbaL1YgqvAQGnIwP9Ep9XFmNKDMgUkzJyK8c9kHKM4J76SQkU
OPE8VvWKBGu9BezomMDd/RLf9b1lxA+lW0+vQvp+cEq8DRbGnI9V2pHiZBi6ESRG
9fwkFa07Uy5+6lDsO1HXYLwpLa8JBxqgH8wonUVFABrLBdaHXs3pxwdmHD1npBKA
P4o7hGikIzk=
=0kSc
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: