[LBo] X Window system security hole
Stefan Waidele jun.
Stefan at Waidele.info
Thu May 4 17:59:18 CEST 2006
Daniel Botting wrote:
> Dear all,
>
> For your information:
>
> http://www.foxnews.com/story/0,2933,194172,00.html
This is not the first time I don't like the spin in these kinds of reports.
The headline suggests: X11 is buggy
But if you read the whole thing, there are the following points 'hidden'
in the article:
* The bug was a "local root exploit"
* The last one of these was found more than 5 years ago
* The discovery of the bug was possible because X11 is open source.
* Now that the bug is discovered, the patch can be distributed
immediately. No need to wait for the next patchday or release of the OS.
* Linux/Unix Servers, which usually do not run X11, are not
vulnerable. With Linux/Unix, you actually have the option to turn off
the GUI!
In the project title "Vulnerability Discovery and Remediation Open
Source Hardening Project", the words "Open Source" are linked not to a
definition, but to the notorious "Get the facts" campaign.
I do not care enough to look up the root-exploits that were found in
Windows during the last five years. But I can recall that there were
several. Not only local, but also remote root exploits.
IMO, only with that background-info, the article is a nice read :)
Stefan
PS: Related reading on "Get the facts":
http://lxer.com/module/newswire/view/57712/index.html