Package: xautolock
Version: 1:2.1-7
Severity: grave
Justification: user security hole
Tags: security

xautolock uses an already freed memory address for starting the locker.
valgrind says:

==6017== Syscall param execve(argv[i]) points to unaddressable byte(s)
==6017==    at 0x55E43A7: execve (in /lib/libc-2.7.so)
==6017==    by 0x55E479A: execl (in /lib/libc-2.7.so)
==6017==    by 0x404026: (within /usr/bin/xautolock)
==6017==    by 0x40427B: (within /usr/bin/xautolock)
==6017==    by 0x55641A5: (below main) (in /lib/libc-2.7.so)
==6017==  Address 0x62ddcf0 is 16 bytes inside a block of size 65 free'd
==6017==    at 0x4C2130F: free (vg_replace_malloc.c:323)
==6017==    by 0x52852AA: (within /usr/lib/libX11.so.6.2.0)
==6017==    by 0x5285314: (within /usr/lib/libX11.so.6.2.0)
==6017==    by 0x52853B2: XrmDestroyDatabase (in /usr/lib/libX11.so.6.2.0)
==6017==    by 0x40334C: (within /usr/bin/xautolock)
==6017==    by 0x4040DE: (within /usr/bin/xautolock)
==6017==    by 0x55641A5: (below main) (in /lib/libc-2.7.so)

I noticed this because whenever I let xautolock start from my .xsessionrc it
would fail to start my screen locker. Instead of this:
swarp 840 525 ; xset dpms force off ; slock
it started something like this, according to strace (the corruption didn't
always look the same):
swarp 840 525 ; xset dpms force off ; slo\377\377\300
Because xset turned off the screen, I didn't notice that slock wasn't started
and thus my screen wasn't locked, which is why I think this is a security issue.
Feel free to correct me. ;)
Greetings
Uli Schlachter
-- System Information:
Debian Release: 5.0
APT prefers testing-proposed-updates
APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.27.7wlan.2.0 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages xautolock depends on:
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libx11-6 2:1.1.5-2 X11 client-side library
ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar
ii libxss1 1:1.1.3-1 X11 Screen Saver extension library
Versions of packages xautolock recommends:
pn xlockmore | xtrlock | xscreen <none> (no description available)
xautolock suggests no packages.
-- no debconf information
--
"Do you know that books smell like nutmeg or some spice from a foreign land?"
-- Faber in Fahrenheit 451
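
The pattern in the valgrind trace above (a string owned by the resource database, freed by XrmDestroyDatabase, then passed to execl), as an added example that is not xautolock's code or part of the original report. The database here is a constructed stand-in backed by a static buffer, so reading the stale pointer is well defined in this model; all function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the resource database: it owns the strings it lends.
 * Static storage keeps the stale read below defined; on a real heap it is UB. */
static char db_storage[128];

static void db_load(const char *cmd) {
    snprintf(db_storage, sizeof db_storage, "%s", cmd);
}

/* Lends a pointer into database storage, valid only until db_destroy(). */
static const char *db_get_locker(void) { return db_storage; }

/* Models the free(): the block gets reused, here overwritten with 0xFF bytes. */
static void db_destroy(void) {
    memset(db_storage, 0xFF, sizeof db_storage - 1);
    db_storage[sizeof db_storage - 1] = '\0';
}

/* Buggy order, as in the trace: borrow the pointer, destroy the owner, use it. */
static const char *locker_borrowed(const char *cmd) {
    db_load(cmd);
    const char *locker = db_get_locker();
    db_destroy();
    return locker;          /* stale: the bytes behind it have changed */
}

/* Fixed order: take a private copy before the database is destroyed. */
static char *locker_copied(const char *cmd) {
    db_load(cmd);
    const char *borrowed = db_get_locker();
    size_t n = strlen(borrowed) + 1;
    char *locker = malloc(n);
    if (locker) memcpy(locker, borrowed, n);
    db_destroy();
    return locker;          /* caller owns this copy and frees it */
}

int main(void) {
    const char *cmd = "swarp 840 525 ; xset dpms force off ; slock";
    char *safe = locker_copied(cmd);
    printf("borrowed intact: %d\n", strcmp(locker_borrowed(cmd), cmd) == 0);
    printf("copied intact:   %d\n", safe && strcmp(safe, cmd) == 0);
    free(safe);
}
```

The copy survives the destroy step unchanged, while the borrowed pointer reads whatever the storage was reused for, which matches the varying `slo\377\377\300` tails seen in strace.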