Secure Coding mailing list archives
HNS - Biggest X Window security hole since 2000
From: ge at linuxbox.org (Gadi Evron)
Date: Thu, 4 May 2006 11:40:17 -0500 (CDT)
On Thu, 4 May 2006, Kenneth R. van Wyk wrote:
Stories about this (below) X bug and the DHS-sponsored project that found it have been floating around the net all week. This story caught my eye, though: http://www.net-security.org/secworld.php?id=3994 The author claims, "This flaw, caused by something as seemingly harmless as a missing closing parenthesis, allowed local users to execute code with root privileges, giving them the ability to overwrite system files or initiate denial of service attacks." So, it sounds like a single byte change in the entire X src tree could fix a bug that could give an attacker complete control of a system. Lovely...
Hmm, I think this was fixed in earlier X versions.
Gadi.
Cheers, Ken van Wyk -- KRvW Associates, LLC http://www.KRvW.com
Current thread:
- HNS - Biggest X Window security hole since 2000 Kenneth R. van Wyk (May 04)
- HNS - Biggest X Window security hole since 2000 Gadi Evron (May 04)
- HNS - Biggest X Window security hole since 2000 Kenneth R. van Wyk (May 04)
- HNS - Biggest X Window security hole since 2000 Greenarrow 1 (May 04)
- HNS - Biggest X Window security hole since 2000 Kenneth R. van Wyk (May 04)
- HNS - Biggest X Window security hole since 2000 ljknews (May 05)
- HNS - Biggest X Window security hole since 2000 der Mouse (May 06)
- HNS - Biggest X Window security hole since 2000 Robert C. Seacord (May 08)
- HNS - Biggest X Window security hole since 2000 Tim Hollebeek (May 08)
- HNS - Biggest X Window security hole since 2000 Florian Weimer (May 07)
- HNS - Biggest X Window security hole since 2000 der Mouse (May 06)
- HNS - Biggest X Window security hole since 2000 Gadi Evron (May 04)