----- Forwarded message from bind <[EMAIL PROTECTED]> -----
> From: bind <[EMAIL PROTECTED]>
> Reply-To: bind <[EMAIL PROTECTED]>
> User-Agent: Mutt/1.1.12i
> Date: Tue, 15 Aug 2000 23:17:24 -0700
> To: [EMAIL PROTECTED]
> Subject: xlock vulnerability
>
> Hello,
>
> A format bug exists in all X11R6 xlock's handling of the display ('-d') option.
>
> (bind@cassius ~) $ xlock -d %x%x%x%x%x
> xlock: unable to open display dfbfd958402555e1ea748dfbfd958dfbfd654.
>
> Systems that we tested that were vulnerable included OpenBSD 2.7, FreeBSD
> 4.1 and Slackware 7.1.
>
> The patch is attached.
>
> -bind
>
> --- xlock.c Tue Aug 15 23:10:32 2000
> +++ xlock-patched.c Tue Aug 15 23:03:22 2000
> @@ -944,7 +944,7 @@ error(const char *buf)
> #if defined( HAVE_SYSLOG_H ) && defined( USE_SYSLOG )
> extern Display *dsp;
>
> - syslog(SYSLOG_WARNING, buf);
> + syslog(SYSLOG_WARNING,"%s", buf);
> if (!nolock) {
> if (strstr(buf, "unable to open display") == NULL)
> syslogStop(XDisplayString(dsp));
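Review bot: The syslog branch of error() now passes buf as data, but nothing at the changed line records why the "%s" is required, so a later cleanup could fold it back to syslog(SYSLOG_WARNING, buf). A one-line comment above the call stating that buf can carry user-supplied text (the report shows the '-d' argument reaching it) would protect the fix. Style: add a space after the first comma, `syslog(SYSLOG_WARNING, "%s", buf);`, to match the spacing of the surrounding calls. The hunk touches only error(); any other syslog or fprintf call in xlock.c that takes a non-literal format is not covered by this patch and should be checked separately.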
> @@ -953,7 +953,7 @@ error(const char *buf)
> closelog();
> }
> #else
> - (void) fprintf(stderr, buf);
> + (void) fprintf(stderr,"%s", buf);
> #endif
> exit(1);
> }
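Review bot: In the #else branch, `(void) fprintf(stderr,"%s", buf);` can be written as `(void) fputs(buf, stderr);`, which has no format argument at all and so cannot regress into the same bug. Both forms print buf verbatim, so the call relies on buf already ending with its own newline; if that is not guaranteed by the callers of error(), say so in a comment. If fprintf is kept, add the space after the comma: `fprintf(stderr, "%s", buf)`.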
----- End forwarded message -----
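The pattern the patch applies, as an added example that is not part of the forwarded message or of xlock's source. The names `log_fmt`, `emit_message` and `count_conversions` are hypothetical, and the way the message is assembled is an assumption based on the output shown in the report.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-like wrapper. The format attribute lets gcc/clang
 * (-Wformat -Wformat-security) flag callers that pass a non-literal fmt. */
__attribute__((format(printf, 3, 4)))
int log_fmt(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Patched pattern: the message is an argument, never the format string. */
int emit_message(char *out, size_t n, const char *buf)
{
    return log_fmt(out, n, "%s", buf);
}

/* Audit helper: how many conversion specifications a printf-family call
 * would try to consume if buf were used as the format. "%%" is a literal
 * percent sign and a lone '%' at the end is ignored. */
int count_conversions(const char *buf)
{
    int count = 0;
    for (const char *p = buf; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }
        if (p[1] == '\0') break;
        count++;
    }
    return count;
}

int main(void)
{
    const char *display = "%x%x%x%x%x"; /* '-d' value taken from the report */
    char msg[128], out[128];
    /* Assumed message layout, modelled on the error text in the report. */
    log_fmt(msg, sizeof msg, "xlock: unable to open display %s.\n", display);
    emit_message(out, sizeof out, msg);
    printf("conversions an unpatched sink would consume: %d\n",
           count_conversions(msg));
    fputs(out, stdout); /* the text comes out verbatim */
    return 0;
}
```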