buffer overflow in XFree

Dan Osterrath do3 at mail.inf.tu-dresden.de
Mon Sep 1 22:43:16 PDT 2003


For those of you still using xfs, there's a possible buffer overflow in the 
XFree font libraries.

http://www.securityfocus.com/archive/1/335592

The fix is to disable the SUID bit for XFree, but I think this is really bad, as 
you can't access some devices and some files anymore, which makes XFree slow. 
(Remember the discussion about /tmp/.ICE-unix.) So disabling xfs and using the 
internal font rendering engine might be a better fix.

-- 
----------------------------------------------------------------------
%> ln -s /dev/null /dev/brain
%> ln -s /dev/urandom /dev/world
%> dd if=/dev/world of=/dev/brain