Multiple X application libX11 _XAsyncReply() Stack Corruption Vulnerability
Info
| Bugtraq ID: | 1408 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jun 19 2000 12:00AM |
| Updated: | Jun 19 2000 12:00AM |
| Credit: | This vulnerability was posted to the Bugtraq mailing list on June 19, 2000 by Chris Evans <[email protected]> |
| Vulnerable: | XFree86 X11R6 4.0, XFree86 X11R6 3.3.6, XFree86 X11R6 3.3.5, XFree86 X11R6 3.3.4, XFree86 X11R6 3.3.3, Open Group X 11.0 R6.4, Open Group X 11.0 R6.3, Open Group X 11.0 R6.2, Open Group X 11.0 R6.1, Open Group X 11.0 R6 |
| Not Vulnerable: | |
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
If xterm and other applications are not setuid, this attack will not work. This attack does not require the X server to be present on the local machine: because the client connects to whatever the DISPLAY variable names, an exploit version of an X server could be anywhere on the Internet, on a fairly arbitrary port.
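Since the attack depends on X clients being installed setuid, an administrator can audit for them. The shell functions below are an added example, not part of the original advisory; the default directory list and the soname string match (used instead of running ldd on privileged binaries) are assumptions.

```shell
#!/bin/sh
# Added example: list set-uid files that reference libX11.
# Heuristic only: matches the soname string inside the file, so statically
# linked programs are missed. Run as root so that unreadable set-uid
# binaries (for example mode 4711) can be inspected.
# Usage: report_setuid_x11 /usr/bin /usr/X11R6/bin

find_setuid_x11() {
    # $@: directories to scan; the defaults below are assumed locations.
    [ "$#" -gt 0 ] || set -- /usr/bin /usr/sbin /usr/X11R6/bin /usr/local/bin
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -perm -4000 selects files with the set-uid bit;
        # -xdev keeps the scan on one filesystem.
        find "$dir" -xdev -type f -perm -4000 -print 2>/dev/null |
        while IFS= read -r f; do
            # -a makes grep treat the binary as text.
            if grep -aq 'libX11\.so' "$f" 2>/dev/null; then
                printf '%s\n' "$f"
            fi
        done
    done
}

# Show owner and mode for each hit so the need for the set-uid bit can be
# reviewed; "chmod u-s FILE" removes it where it is not required.
report_setuid_x11() {
    find_setuid_x11 "$@" | while IFS= read -r f; do
        ls -l "$f"
    done
}
```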