On Thu, 4 May 2006, Kenneth R. van Wyk wrote:
> Stories about this (below) X bug and the DHS-sponsored project that found it
> have been floating around the net all week. This story caught my eye,
> though:
>
> http://www.net-security.org/secworld.php?id=3994
>
> The author claims, "This flaw, caused by something as seemingly harmless as a
> missing closing parenthesis, allowed local users to execute code with root
> privileges, giving them the ability to overwrite system files or initiate
> denial of service attacks."
>
> So, it sounds like a single byte change in the entire X src tree could fix a
> bug that could give an attacker complete control of a system. Lovely...
Hmm, I think this was fixed in earlier X versions.
Gadi.
>
> Cheers,
>
> Ken van Wyk
> --
> KRvW Associates, LLC
> http://www.KRvW.com
>
_______________________________________________
Secure Coding mailing list (SC-L)
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php