Slackware alert: root exploit with xlockmore fixed

Posted by dave on Oct 23, 2000 2:57 PM EDT
Mailing list		Mail this story
Print this story

A root exploit has been found in xlockmore packaged with Slackware. By providing a carefully crafted display variable to xlock, it is possible for a local attacker to gain root access. Anyone running xlock on a public machine should upgrade to this version of xlock (or disable xlock altogether) immediately. 

A root exploit has been found in xlockmore packaged with Slackware.  By
providing a carefully crafted display variable to xlock, it is possible
for a local attacker to gain root access.  Anyone running xlock on a
public machine should upgrade to this version of xlock (or disable xlock
altogether) immediately.

The package described below will work for users of Slackware 7.0, 7.1, and
-current.


   ===========================================
   xlockmore 4.17.2 AVAILABLE - (x1/xlock.tgz)
   ===========================================

      A root exploit has been fixed in this release of xlockmore.  The new
      xlock.tgz package is available from:

         ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/x1/xlock.tgz

      For verification purposes, we provide the following checksums:

         16-bit "sum" checksum:
         53857   762   x1/xlock.tgz

         128-bit MD5 message digest:
         ca171919342cd7a3e18a3ac3cd91e252  x1/xlock.tgz


      INSTALLATION INSTRUCTIONS FOR THE xlock.tgz PACKAGE:
      ---------------------------------------------------
      Disable any running xlockmore processes and issue this command:

         # upgradepkg xlock.tgz


Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
  http://www.slackware.com


+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+

  Nav
» Read more about: Story Type: Security; Groups: Slackware

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.