Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 2 Oct 2002 18:27:12 -0300
From: "Ademar de Souza Reis Jr." <ademar@...ectiva.com.br>
To: xvendor@...ts.openwall.com
Subject: XFree86 MIT-SHM vulnerability

Hello everyone.

I didn't see fixes for the MIT-SHM vulnerability from any vendor besides
the Caldera update for XFree86-4.1.2 from March:
http://old.lwn.net/alerts/Caldera/CSSA-2002-009.0.php3

The point is that, as far as I can understand, even that fix is not
complete, as stated in the XFree86 security page:
(http://www.xfree86.org/security/)

* The MIT-SHM update in 4.2.1 is incomplete as the case where the X
  server is started from xdm was not handled. A more complete fix from
  the XFree86 trunk has been committed to the xf-4_2-branch branch.
  A source patch against 4.2.1 is available on the XFree86 FTP site.

So, any vendor planning a (new) release for this vulnerability?
Or maybe someone released something and I'm blind?

Anyway, the new patch mentioned definetely fails to apply in 4.0.3.
I didn't investigate it and if someone is working on it, please tell me
(otherwise I'll do it by myself :-).


Still talking about XFree86, I didn't see advisories/fixes from all vendors
(except SuSE, IIRC) for the xlib i18n local vulnerability... Any special
reason for this delay?

I don't know if it's just my feeling, but looks like everyone is "afraid" of
updating XFree86 :-). The MIT-SHM and the xlib i18n vulns sound very dangerous
to me, and I remember an old issue about using large fonts to cause
a serious DoS (mozilla was a vector for the attack - it's fixed already -, but
I tested it using other browsers as well) which is still unfixed.

http://web.lemuria.org/security/mozilla-dos.html
http://www.theregister.co.uk/content/55/25689.html

Any comments?

Thanks.

-- 
Ademar de Souza Reis Jr. <ademar@...ectiva.com.br>

^[:wq!

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Please check out the xvendor mailing list charter.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ