Vulnerability Development mailing list archives

Re: XFree86 DOS / Buffer overflow local and remote.


From: KF <dotslash () snosoft com>
Date: Sun, 23 Sep 2001 06:59:39 -0400

The issue is with XFree86, not with mozilla or netscape. HTML simply provided an easy way of
injecting the payload...

xterm -display localhost:0 -name `perl -e 'print "A" x 9000'` should also do it... Again, this is not a hole in netscape or xterm, just the attack method used to cause X to crash.

Here is my Xwindows information.
[root@osx root]# X -version

XFree86 Version 4.0.3 / X Window System
(protocol Version 11, revision 0, vendor release 6400)
Release Date: 16 March 2001
      If the server is older than 6-12 months, or if your card is
      newer than the above date, look for a newer version before
      reporting problems.  (See http://www.XFree86.Org/FAQ)
Operating System: Linux 2.4.4-pre8 ppc [ELF]
Module Loader present

-KF

Simos Xenitellis wrote:

Hi,
I do not know if I got it correctly, but here it goes.
Do you load the file in Netscape/Mozilla with something like
        file:///tmp/file.html
and then close the application from the x box?

It did not crash on netscape 4.77, nor mozilla 0.9.4.

simos

On Sun, 23 Sep 2001, KF wrote:

I gzipped the html attachment because the list rejected the html mime type.
-KF



