[18215] in bugtraq


IRIX 6.5.10m and libX11

daemon@ATHENA.MIT.EDU (Michal Zalewski)
Wed Dec 20 03:00:02 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.LNX.4.21.0012191047180.25669-100000@nimue.tpi.pl>
Date:         Tue, 19 Dec 2000 10:53:07 +0100
Reply-To: Michal Zalewski <lcamtuf@TPI.PL>
From: Michal Zalewski <lcamtuf@TPI.PL>
To: BUGTRAQ@SECURITYFOCUS.COM

The libX11 (Xlib) library shipped with IRIXes seems to be vulnerable to the
same vulnerability that affected XFree 3.3.6 some time ago (sun_path
sprintf()) - an excessive local part in the DISPLAY variable. On big-endian
machines it would generally be more difficult to exploit, because
one-byte fenceposts will affect the high byte of every dword. We are limited
by a small subset of accepted characters. For more details, the original post
can be found here:

          < http://www.securityfocus.com/archive/1/139436 >

Vendors were informed around three weeks ago, but I have no
confirmation whether it has been fixed yet.

--
_______________________________________________________
Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=--=> Did you know that clones never use mirrors? <=--=
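
Added example, not part of the original post and not Xlib or IRIX code: a bounded way to build a Unix-socket address from the local part of DISPLAY, with the unbounded sprintf() pattern the post names shown only in a comment. The function name build_display_addr, the prefix macro and the five-digit limit are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Assumed socket path prefix, for illustration only. */
#define X_UNIX_PREFIX "/tmp/.X11-unix/X"

/* Unsafe pattern (do not use): sun_path is a small fixed array, so
 *     sprintf(addr->sun_path, "%s%s", X_UNIX_PREFIX, local_part);
 * writes past it when the local part of DISPLAY is too long. */

/* Fill addr from the text after ':' in DISPLAY ("N" or "N.S").
 * Returns 0 on success, -1 if the input is malformed or would not fit. */
int build_display_addr(const char *local_part, struct sockaddr_un *addr)
{
    size_t i = 0, ndigits, sdigits = 0;
    int n;

    if (local_part == NULL || addr == NULL)
        return -1;
    while (isdigit((unsigned char)local_part[i]))   /* display number */
        i++;
    ndigits = i;
    if (ndigits == 0 || ndigits > 5)                /* assumed limit */
        return -1;
    if (local_part[i] == '.') {                     /* optional screen */
        for (i++; isdigit((unsigned char)local_part[i]); i++)
            sdigits++;
        if (sdigits == 0 || sdigits > 5)
            return -1;
    }
    if (local_part[i] != '\0')                      /* trailing junk */
        return -1;

    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    /* Only the display number names the socket; snprintf bounds the write. */
    n = snprintf(addr->sun_path, sizeof(addr->sun_path), "%s%.*s",
                 X_UNIX_PREFIX, (int)ndigits, local_part);
    if (n < 0 || (size_t)n >= sizeof(addr->sun_path))
        return -1;                                  /* would truncate */
    return 0;
}

int main(void)
{
    struct sockaddr_un a;
    const char *samples[] = { "0", "1.0", "0/../x", "" };  /* constructed */
    for (size_t i = 0; i < 4; i++)
        printf("%-8s -> %s\n", samples[i],
               build_display_addr(samples[i], &a) == 0 ? a.sun_path : "rejected");
    return 0;
}
```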
