Buffer Overflow in xlockmore

Hi. I recently had my FreeBSD 12.0 hacked.

Hacker approached the computer running xlockmore (xlocked workstation) and used a buffer overflow to cause a segmentation fault error, thus crashing the application and accessing the computer contents.
Please either fix this bug or remove from the repository (all xlocks), it's faulty and dangerous.
Finally, a suggestion. I recently installed Solaris 11, one cool thing Solaris does is it prevents root logins. You can be root, by logging in from another user account, but no direct login. I think it would be worth considering something like that on FreeBSD.
 
Hacker approached the computer running xlockmore (xlocked workstation) and used a buffer overflow to cause a segmentation fault error, thus crashing the application and accessing the computer contents.
If this is correct it needs to be fixed upstream, report it here: http://sillycycle.com/xlockmore.html

Please either fix this bug or remove from the repository (all xlocks), it's faulty and dangerous.
Provide details and report the issue to ports-secteam@FreeBSD.org so it can be added to VuXML.

Finally, a suggestion. I recently installed Solaris 11, one cool thing Solaris does is it prevents root logins. You can be root, by logging in from another user account, but no direct login. I think it would be worth considering something like that on FreeBSD.
You can configure that yourself if you so desire.
 
Smok said:
Hacker approached the computer running xlockmore (xlocked workstation) and used a buffer overflow to cause a segmentation fault error, thus crashing the application and accessing the computer contents.
Was this felony reported to law enforcement?

Please either fix this bug or remove from the repository (all xlocks), it's faulty and dangerous.
Fixing xlock won't make you any more secure from an attacker with physical access. That's a threat that only you can address.
 
Please either fix this bug or remove from the repository (all xlocks), it's faulty and dangerous.

They updated x11/xlockmore 10-4-19. I saw it when I updated my ports tree. I don't know whether it addressed your issue or not.
 