Date: Tue, 15 Aug 2000 23:17:24 -0700
From: bind <bind@SUBTERRAIN.NET>
Subject: xlock vulnerability
To: BUGTRAQ@SECURITYFOCUS.COM

Hello,

A format bug exists in all X11R6 xlock's handling of the display ('-d') option.

(bind@cassius ~) $ xlock -d %x%x%x%x%x
xlock: unable to open display dfbfd958402555e1ea748dfbfd958dfbfd654.

Systems that we tested that were vulnerable included OpenBSD 2.7, FreeBSD 4.1 and Slackware 7.1.

The patch is attached.

-bind

--- xlock.c Tue Aug 15 23:10:32 2000 +++ xlock-patched.c Tue Aug 15 23:03:22 2000 @@ -944,7 +944,7 @@ error(const char *buf) #if defined( HAVE_SYSLOG_H ) && defined( USE_SYSLOG ) extern Display *dsp; - syslog(SYSLOG_WARNING, buf); + syslog(SYSLOG_WARNING,"%s", buf); if (!nolock) { if (strstr(buf, "unable to open display") == NULL) syslogStop(XDisplayString(dsp)); @@ -953,7 +953,7 @@ error(const char *buf) closelog(); } #else - (void) fprintf(stderr, buf); + (void) fprintf(stderr,"%s", buf); #endif exit(1); }
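
Review bot: In the first hunk (@@ -944,7 +944,7 @@, the HAVE_SYSLOG_H / USE_SYSLOG branch of error()), the unchanged context line syslogStop(XDisplayString(dsp)); still passes a display string to another logging helper, and nothing visible here shows whether that helper uses its argument as a format string. It should be checked and, if needed, given the same "%s" treatment as the syslog() call. The change to syslog(SYSLOG_WARNING,"%s", buf) is correct for this sink, since buf carries the -d value shown in the report. Style: add a space after the comma in SYSLOG_WARNING,"%s" to match the surrounding code.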
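
Review bot: In the second hunk (@@ -953,7 +953,7 @@, the #else branch of error()), fputs(buf, stderr) would be a cleaner replacement than fprintf(stderr,"%s", buf) because it removes the format string from the call entirely, so a later edit cannot drop the "%s" again. If fprintf is kept, add a space after the comma in stderr,"%s" for consistency. The patch header also diffs xlock.c against xlock-patched.c, so the target file name will have to be given explicitly when applying it; regenerating the diff from the source tree with matching file names would avoid that.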