Vulnerability Development mailing list archives

Re: Vulnerability in X server

From: Peter Pentchev <roam () ringlet net>
Date: Thu, 11 Mar 2004 10:46:33 +0200

On Wed, Mar 10, 2004 at 11:11:30AM +0100, Marco Monicelli wrote:





Hello there!

Anyone of you guys is aware of a local vulnerability for X server? I got a
binary by a friend of mine claiming to be a local exploit for X servers
tested on several distros like Suse 9.0 and latest release of Slackware.

I'm not used to run binaries although this comes from a pretty trusted
friend who codes exploits.

It should drop a root shell and in case of failure it crashes X server
(this according to my friend).

I'd like to have your opinions and informations.


It sounds like the recent XFree86 font handling problems; among others:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0730

G'luck,
Peter

-- 
Peter Pentchev  roam () ringlet net    roam () sbnd net    roam () FreeBSD org
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
If you think this sentence is confusing, then change one pig.

Attachment: _bin
Description:

Current thread:

Vulnerability in X server Marco Monicelli (Mar 10)
- RE: Vulnerability in X server Harshul Nayak (Mar 11)
- Re: Vulnerability in X server Peter Pentchev (Mar 11)
- <Possible follow-ups>
- RE: Vulnerability in X server Brown, Rodrick (Mar 11)