Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: xlockmore vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Team   
Debian There is a format string bug in all versions of xlockmore/xlockmore-gl.

- ------------------------------------------------------------------------
Debian Security Advisory                                               Michael Stone
August 16, 2000
- ------------------------------------------------------------------------

Package: xlockmore, xlockmore-gl
Vulnerability type: local exploit
Debian-specific: no

There is a format string bug in all versions of xlockmore/xlockmore-gl.
Debian 2.1 (slink) installs xlock setgid by default, and this exploit
can be used to gain read access to the shadow file. We recommend
upgrading immediately.

xlockmore is normally installed as an unprivileged program in Debian 2.2
(potato) and is not vulnerable in that configuration. xlockmore may be
setuid/setgid for historical reasons or after upgrading from a previous
Debian release; consult README.Debian in /usr/doc/xlockmore or
/usr/doc/xlockmore-gl for information about xlock privileges and how to
disable them. If your local environment requires xlock to be setgid, or
if in doubt, you should upgrade to a fixed package immediately.

Fixed packages are available in xlockmore/xlockmore-gl 4.12-5 for Debian
2.1 (slink) and xlockmore/xlockmore-gl 4.15-9 for Debian 2.2 (potato). 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.1 alias slink
- --------------------------------

  Source archives:
      MD5 checksum: e253bee3472f835e71e23994ead85dcf
      MD5 checksum: acbf3f3310edca9ce20f5d4e720f3227
      MD5 checksum: 110a594d89f3a2758255d0bba0e48217
  Alpha architecture:
      MD5 checksum: d51723c04362213ca6f43d12db479a07
      MD5 checksum: 41878e3ba49152c5049cb9a394a41d14
  Intel ia32 architecture:
      MD5 checksum: 0d5c32ed8a834bb810ba421520f81dea
      MD5 checksum: ca34fd0732d82f2e4d176eb80f828cd8
  Motorola 680x0 architecture:
    will be available shortly
  Sun Sparc architecture:
      MD5 checksum: 3ccfd6b2893e0e183eb1118c75fd57e4
      MD5 checksum: 002d7712d7be3a943e0b88f9263092b2

Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Source archives:
      MD5 checksum: 02f86bd315558ca32ca5a777d009c85f
      MD5 checksum: 377a392b2f6c711b5252fbfff822ce99
      MD5 checksum: eceda376ee0a336063a46ec018c83d94
  Alpha architecture:
      MD5 checksum: e620c4e0d3f4ecc7167b9f9897cd3971
      MD5 checksum: 15e4be9f504873789c42ce0f283da707
  Arm architecture:
      MD5 checksum: bb0f9cfb7a90f73a870ed529b51ef258
      MD5 checksum: e78be3e33bbc1ee68c01bef39be8997d
  Intel ia32 architecture:
      MD5 checksum: aed3a97f49cd0ea1464cefb6ef94b9ac
      MD5 checksum: 7a8ac4b5725bf3117b029ba31568817f
  Motorola 680x0 architecture:
    Will be available shortly
  PowerPC architecture:
    Will be available shortly
  Sun Sparc architecture:
      MD5 checksum: 3507476bbf9e625c06a4f52ffa81a1e8
      MD5 checksum: 9ce55111c3a93744b62eb5f2d2291511

Version: GnuPG v1.0.2 (GNU/Linux)
Comment: For info see

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.