
Suse Security Advisory - xli/xloadimage

by phiber on July 25th, 2001

Due to missing boundary checks in the xli code, an external attacker could trigger a buffer overflow and execute commands on the victim's system. An exploit is publicly available.


SuSE Linux is not vulnerable by default because the command names differ.
On SuSE Linux the command is called xli, while plugger calls xloadimage.

/etc/pluggerrc:

exits: xloadimage -quiet -windowid $window $file



If you have installed xloadimage on your system yourself, comment out the lines in /etc/pluggerrc that contain xloadimage as a temporary fix.



Otherwise, update the packages for your system.
Nevertheless, it is recommended to leave the xloadimage entry in /etc/pluggerrc commented out because of the potential risk posed by the xloadimage code.
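
The temporary fix described above, as an added shell example (not part of the advisory or of SuSE's packages): it comments out every active line of a pluggerrc file that mentions xloadimage, keeps a backup, and changes nothing when run a second time. It assumes pluggerrc treats lines beginning with # as comments; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: disable xloadimage entries in a pluggerrc file.
# Assumption: pluggerrc treats lines beginning with '#' as comments.

# Constructed sample (not a real SuSE pluggerrc), for trying the functions.
sample_pluggerrc() {
    cat <<'EOF'
exits: xloadimage -quiet -windowid $window $file
# exits: xloadimage -quiet -windowid $window $file
exits: xli -quiet -windowid $window $file
EOF
}

# Print how many active (uncommented) lines mention xloadimage.
active_xloadimage_lines() {
    # grep -c prints 0 but exits 1 when nothing matches; keep the count only.
    grep -v '^[[:space:]]*#' "$1" | grep -c 'xloadimage' || true
}

# Comment out the active xloadimage lines in place, leaving FILE.bak behind.
disable_xloadimage() {
    rc=$1
    [ -f "$rc" ] || { echo "no such file: $rc" >&2; return 2; }
    # Nothing active: leave the file and any earlier backup untouched.
    if [ "$(active_xloadimage_lines "$rc")" -eq 0 ]; then
        return 0
    fi
    cp -p "$rc" "$rc.bak" || return 1
    tmp=$(mktemp "$rc.XXXXXX") || return 1
    # Prefix '#' to lines that mention xloadimage and are not already comments.
    if sed '/^[[:space:]]*#/!{/xloadimage/s/^/#/;}' "$rc.bak" > "$tmp" &&
       cat "$tmp" > "$rc"; then   # cat keeps the file's owner and mode
        status=0
    else
        status=1
    fi
    rm -f "$tmp"
    return "$status"
}

# Usage: sh script.sh /etc/pluggerrc   (no argument: only define the functions)
if [ $# -gt 0 ]; then
    disable_xloadimage "$1"
fi
```

After a run, active_xloadimage_lines /etc/pluggerrc should print 0, and the original file is preserved as /etc/pluggerrc.bak.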



For updates and patches, download the whole advisory.

