Date: Wed, 2 Oct 2002 18:27:12 -0300 From: "Ademar de Souza Reis Jr." <ademar@...ectiva.com.br> To: xvendor@...ts.openwall.com Subject: XFree86 MIT-SHM vulnerability Hello everyone. I didn't see fixes for the MIT-SHM vulnerability from any vendor besides the Caldera update for XFree86-4.1.2 from March: http://old.lwn.net/alerts/Caldera/CSSA-2002-009.0.php3 The point is that, as far as I can understand, even that fix is not complete, as stated in the XFree86 security page: (http://www.xfree86.org/security/) * The MIT-SHM update in 4.2.1 is incomplete as the case where the X server is started from xdm was not handled. A more complete fix from the XFree86 trunk has been committed to the xf-4_2-branch branch. A source patch against 4.2.1 is available on the XFree86 FTP site. So, any vendor planning a (new) release for this vulnerability? Or maybe someone released something and I'm blind? Anyway, the new patch mentioned definetely fails to apply in 4.0.3. I didn't investigate it and if someone is working on it, please tell me (otherwise I'll do it by myself :-). Still talking about XFree86, I didn't see advisories/fixes from all vendors (except SuSE, IIRC) for the xlib i18n local vulnerability... Any special reason for this delay? I don't know if it's just my feeling, but looks like everyone is "afraid" of updating XFree86 :-). The MIT-SHM and the xlib i18n vulns sound very dangerous to me, and I remember an old issue about using large fonts to cause a serious DoS (mozilla was a vector for the attack - it's fixed already -, but I tested it using other browsers as well) which is still unfixed. http://web.lemuria.org/security/mozilla-dos.html http://www.theregister.co.uk/content/55/25689.html Any comments? Thanks. -- Ademar de Souza Reis Jr. <ademar@...ectiva.com.br> ^[:wq! Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the xvendor mailing list charter.