Slackware alert: root exploit with xlockmore fixed

Posted by dave on Oct 23, 2000 2:57 PM EDT
Mailing list
Mail this story
Print this story

A root exploit has been found in xlockmore packaged with Slackware. By providing a carefully crafted display variable to xlock, it is possible for a local attacker to gain root access. Anyone running xlock on a public machine should upgrade to this version of xlock (or disable xlock altogether) immediately.

A root exploit has been found in xlockmore packaged with Slackware.  By
providing a carefully crafted display variable to xlock, it is possible
for a local attacker to gain root access.  Anyone running xlock on a
public machine should upgrade to this version of xlock (or disable xlock
altogether) immediately.

The package described below will work for users of Slackware 7.0, 7.1, and -current.

=========================================== xlockmore 4.17.2 AVAILABLE - (x1/xlock.tgz) ===========================================

A root exploit has been fixed in this release of xlockmore. The new xlock.tgz package is available from:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/x1/xlock.tgz

For verification purposes, we provide the following checksums:

16-bit "sum" checksum: 53857 762 x1/xlock.tgz

128-bit MD5 message digest: ca171919342cd7a3e18a3ac3cd91e252 x1/xlock.tgz

INSTALLATION INSTRUCTIONS FOR THE xlock.tgz PACKAGE: --------------------------------------------------- Disable any running xlockmore processes and issue this command:

# upgradepkg xlock.tgz

Remember, it's also a good idea to backup configuration files before upgrading packages.

- Slackware Linux Security Team http://www.slackware.com

+------------------------------------------------------------------------+ | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! | +------------------------------------------------------------------------+

  Nav
» Read more about: Story Type: Security; Groups: Slackware

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.