Message-ID: <20021002212712.GA3392@conectiva.com.br>
Date: Wed, 2 Oct 2002 18:27:12 -0300
From: "Ademar de Souza Reis Jr." <ademar@...ectiva.com.br>
To: xvendor@...ts.openwall.com
Subject: XFree86 MIT-SHM vulnerability

Hello everyone.

I didn't see fixes for the MIT-SHM vulnerability from any vendor besides
the Caldera update for XFree86-4.1.2 from March:

http://old.lwn.net/alerts/Caldera/CSSA-2002-009.0.php3

The point is that, as far as I can understand, even that fix is not
complete, as stated in the XFree86 security page:
(http://www.xfree86.org/security/)

* The MIT-SHM update in 4.2.1 is incomplete as the case where the X
server is started from xdm was not handled. A more complete fix from
the XFree86 trunk has been committed to the xf-4_2-branch branch.
A source patch against 4.2.1 is available on the XFree86 FTP site.

So, any vendor planning a (new) release for this vulnerability?
Or maybe someone released something and I'm blind?

Anyway, the new patch mentioned definitely fails to apply in 4.0.3.
I didn't investigate it and if someone is working on it, please tell me
(otherwise I'll do it by myself :-).

Still talking about XFree86, I didn't see advisories/fixes from all vendors
(except SuSE, IIRC) for the xlib i18n local vulnerability... Any special
reason for this delay?

I don't know if it's just my feeling, but looks like everyone is "afraid" of
updating XFree86 :-). The MIT-SHM and the xlib i18n vulns sound very dangerous
to me, and I remember an old issue about using large fonts to cause
a serious DoS (mozilla was a vector for the attack - it's fixed already -, but
I tested it using other browsers as well) which is still unfixed.

http://web.lemuria.org/security/mozilla-dos.html
http://www.theregister.co.uk/content/55/25689.html

Any comments?

Thanks.

--
Ademar de Souza Reis Jr. <ademar@...ectiva.com.br>
^[:wq!