Bugtraq mailing list archives
Re: Overflow in xlock
From: troy () AUSTIN IBM COM (Bollinger)
Date: Sun, 27 Apr 1997 09:30:53 -0500
George Staikos wrote:
> There appears to be an exploitable buffer overflow in xlock, the X based screensaver/locker. Xlock is installed suid root on machines with shadowed passwords. I have verified this on xlock versions on AIX 4.x

There's a temporary fix for the AIX v4 xlock available for anonymous ftp from testcase.software.ibm.com:/aix/fromibm/xlock.overflow_fix.aix4.Z.

Checksums:
sum     01445 73 xlock.overflow_fix.aix4
sum -i  41749 73 xlock.overflow_fix.aix4
sum -o  14725 73 xlock.overflow_fix.aix4
MD5 (xlock.overflow_fix.aix4) = e5e679a73b5a28ef471751bfee67d00c

Official APARs are in progress and will be available shortly.

If there are any questions regarding this fix or any other AIX security bug, please contact security-alert () austin ibm com. Sensitive information can be encrypted using the AIX Security PGP key. To retrieve this key send email with a subject of "get key" to security-alert () austin ibm com.

--
+---------------- I do not speak for IBM! ------------------+
|Troy Bollinger | email: troy () austin ibm com|
|AIX Security Development | Sometimes the old ways are best.|
+-------------------------------------------------------------+