XFree86 versions 3.3.5 and 3.3.6 have been found to
contain a buffer
overflow in the xkbmap command-line switch. An attacker can execute
arbitrary code as root, since XFree86 runs either with setuid permissions,
or via a wrapper that is setuid.
please note SuSE Linux is not exploitable.
The Xwrapper which comes with SuSE 6.4 is suid but checks the arguments
and prevents this attack. The X Servers are not suid. Therefore: no problem.
BUT if you have installed XFree86 4.0 (SuSE 6.4 installs 3.3.6) you are
vulnerable. Check it out by executing the following command:
"rpm -q xf86"
Marc Heuse, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: marc(a)suse.de Function: Security Support & Auditing
"lynx -source http://www.suse.de/~marc/marc.pgp
| pgp -fka"
Key fingerprint = B5 07 B6 4E 9C EF 27 EE 16 D9 70 D4 87 B5 63 6C