Stories about this (below) X bug and the DHS-sponsored project that found it have been floating around the net all week. This story caught my eye, though:
http://www.net-security.org/secworld.php?id=3994

The author claims, "This flaw, caused by something as seemingly harmless as a missing closing parenthesis, allowed local users to execute code with root privileges, giving them the ability to overwrite system files or initiate denial of service attacks."

So, it sounds like a single byte change in the entire X src tree could fix a bug that could give an attacker complete control of a system. Lovely...

Cheers,

Ken van Wyk
--
KRvW Associates, LLC
http://www.KRvW.com
_______________________________________________ Secure Coding mailing list (SC-L) [email protected] List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php
