Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: Re: Vulnerability in X server

Re: Vulnerability in X server

From: Peter Pentchev <roam_at_ringlet.net>
Date: Thu, 11 Mar 2004 10:46:33 +0200

On Wed, Mar 10, 2004 at 11:11:30AM +0100, Marco Monicelli wrote:
>
>
>
>
> Hello there!
>
> Anyone of you guys is aware of a local vulnerability for X server? I got a
> binary by a friend of mine claiming to be a local exploit for X servers
> tested on several distros like Suse 9.0 and latest release of Slackware.
>
> I'm not used to run binaries although this comes from a pretty trusted
> friend who codes exploits.
>
> It should drop a root shell and in case of failure it crashes X server
> (this according to my friend).
>
> I'd like to have your opinions and informations.

It sounds like the recent XFree86 font handling problems; among others:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0730

G'luck,
Peter 

-- 
Peter Pentchev	roam_at_ringlet.net    roam_at_sbnd.net    roam_at_FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
If you think this sentence is confusing, then change one pig.

  • application/pgp-signature attachment: stored
Received on Mar 11 2004
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos