
Security: Insecure use of the DISPLAY environment variable in xlockmore
Name: Insecure use of the DISPLAY environment variable in xlockmore
ID:
Distribution: Slackware
Platforms: Slackware -current, Slackware 7.0, Slackware 7.1
Date: Tue, 24 October 2000, 13:00
References: Not specified
Applications: xlockmore

Original message

A root exploit has been found in xlockmore packaged with Slackware.  By
providing a carefully crafted display variable to xlock, it is possible
for a local attacker to gain root access. Anyone running xlock on a
public machine should upgrade to this version of xlock (or disable xlock
altogether) immediately.

The package described below will work for users of Slackware 7.0, 7.1, and
-current.


===========================================
xlockmore 4.17.2 AVAILABLE - (x1/xlock.tgz)
===========================================

A root exploit has been fixed in this release of xlockmore. The new
xlock.tgz package is available from:

xlock.tgz

For verification purposes, we provide the following checksums:

16-bit "sum" checksum:
53857 762 x1/xlock.tgz

128-bit MD5 message digest:
ca171919342cd7a3e18a3ac3cd91e252 x1/xlock.tgz


INSTALLATION INSTRUCTIONS FOR THE xlock.tgz PACKAGE:
---------------------------------------------------
Disable any running xlockmore processes and issue this command:

# upgradepkg xlock.tgz


Remember, it's also a good idea to back up configuration files before
upgrading packages.

- Slackware Linux Security Team
http://www.slackware.com
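
The verification and upgrade steps from the advisory can be combined so that upgradepkg only runs when both published checksums match. This is an added example, not part of the original Slackware message; it assumes the package was saved as xlock.tgz in the current directory and that the coreutils md5sum and sum tools are installed. The function name verify_pkg is hypothetical.

```shell
#!/bin/sh
# Added example: gate the upgrade on the checksums published in the advisory.
# Both values below are copied from the advisory text above.
EXPECTED_MD5="ca171919342cd7a3e18a3ac3cd91e252"
EXPECTED_SUM="53857 762"   # 16-bit "sum" checksum and block count

# verify_pkg FILE MD5 "SUM BLOCKS"
# Returns 0 only if both checksums match, 1 on a mismatch, 2 if FILE is missing.
verify_pkg() {
    file=$1
    want_md5=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Normalise "checksum blocks" so padding and leading zeros do not matter.
    want_sum=$(printf '%s\n' "$3" | awk '{print $1+0, $2+0}')

    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    # Read from stdin so neither tool prints a file name to parse around.
    got_md5=$(md5sum < "$file" | awk '{print $1}')
    got_sum=$(sum < "$file" | awk '{print $1+0, $2+0}')

    if [ "$got_md5" != "$want_md5" ]; then
        echo "MD5 mismatch: got $got_md5, expected $want_md5" >&2
        return 1
    fi
    if [ "$got_sum" != "$want_sum" ]; then
        echo "sum mismatch: got $got_sum, expected $want_sum" >&2
        return 1
    fi
    return 0
}

# Typical use, run as root from the directory holding the download:
#   verify_pkg xlock.tgz "$EXPECTED_MD5" "$EXPECTED_SUM" && upgradepkg xlock.tgz
```

A match shows the download agrees with the values in the advisory; it is only as trustworthy as the channel the advisory itself arrived through.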

