Xlockmore 4.16缓冲区溢出漏洞

漏洞信息详情

Xlockmore 4.16缓冲区溢出漏洞

• CNNVD编号：CNNVD-200005-101
• 危害等级： 低危
  
  
• CVE编号：
  CVE-2000-0455
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  2000-05-29
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  david_bagley
• 漏洞来源：
  First made public …

4.16及更早版本的xlockmore xlock程序存在缓冲区溢出漏洞。本地用户借助超长-mode选项可以从内存中读取敏感数据。

This vulnerability has been fixed in (at least) the NetBSD package sources.
To remove the package:
pkg_delete -v xlockmore
To build / install the new version:
cd pkgsrc/x11/xlockmore; make clean; make install
NetBSD binaries are available at:
ftp://ftp.netbsd.org/pub/NetBSD/packages/pkgsrc/x11/xlockmore/README.html
Mandrake Linux:
To upgrade automatically, use ? MandrakeUpdate ?. If you want to upgrade manually, download the updated package from one of the FTP server mirrors and uprade with “rpm -Uvh package_name”. All mirrors are listed on
http://www.mandrake.com/en/ftp.php3 Updated packages are available in the “updates/” directory.
For example, if you are looking for an updated RPM package for Mandrake 7.0, look for it in: updates/7.0/RPMS/

来源: BID
名称: 1267
链接:http://www.securityfocus.com/bid/1267

来源: NAI
名称: 20000529 Initialized Data Overflow in Xlock
链接:http://www.nai.com/nai_labs/asp_set/advisory/41initialized.asp

来源: TURBO
名称: TLSA2000012-1
链接:http://archives.neohapsis.com/archives/bugtraq/2000-05/0375.html

来源: NETBSD
名称: NetBSD-SA2000-003
链接:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-003.txt.asc