[3154] in bugtraq
Re: Possible bufferoverflow condition in lpr, xterm and xload
daemon@ATHENA.MIT.EDU (Ficus Kirkpatrick)
Tue Aug 13 20:39:24 1996
Date: Tue, 13 Aug 1996 08:38:09 -0700
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Ficus Kirkpatrick <ficusk@on-ramp.ior.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.LNX.3.91.960813004759.24815B-100000@garrison.inetcan.net>
(message from Digital Dreamer on Tue, 13 Aug 1996 00:49:16 -0600)
> xterm, xload, both segmented when supplied with -display commandline
> argument / environment variable above its buffer size. Probably
> exploitable, although I haven't gotten around to verifying this myself,
> I'd like to hear comments concerning this suspicion of mine.
The fact that it's in the -display variable, which isn't handled by
the program but rather the X toolkit it was compiled with, implies
that this could be a problem with all X programs using this particular
toolkit. I'm pretty sure Xterm is compiled with the Athena set, which
is (I believe) the most common library, followed by Mosaic.
I think you mean Motif. Also, there are a lot of programs that handle
the -display option by themselves and just use the value they get to
call XOpenDisplay(). So, don't discount anything that's not using either
the Athena or Motif widgets.
ficus
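
Added example, not part of the original message and not code from Xlib or any X toolkit: a sketch of the case raised in the reply above, where a program reads -display (or $DISPLAY) itself and hands the value on to XOpenDisplay(), with a length check before the value reaches a fixed-size buffer. DISPLAY_MAX, pick_display() and copy_display() are hypothetical names chosen for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DISPLAY_MAX 256 /* assumed limit for this example, not an Xlib constant */

/* A -display argument wins, otherwise $DISPLAY; NULL if neither is set.
 * A trailing "-display" with no value is ignored. */
static const char *pick_display(int argc, char **argv)
{
    for (int i = 1; i + 1 < argc; i++)
        if (strcmp(argv[i], "-display") == 0)
            return argv[i + 1];
    return getenv("DISPLAY");
}

/* Copy src into dst only if it fits, terminator included.
 * Returns 0 on success, -1 if src is NULL or too long (dst is left empty).
 * The unchecked form of this step is strcpy(dst, src) into a fixed buffer,
 * which writes past the end of dst when the argument is longer than it. */
static int copy_display(char *dst, size_t dstsize, const char *src)
{
    if (dstsize == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    const char *end = memchr(src, '\0', dstsize); /* looks at dstsize bytes at most */
    if (end == NULL)
        return -1;                                /* no terminator in range: too long */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

int main(int argc, char **argv)
{
    char name[DISPLAY_MAX];
    if (copy_display(name, sizeof name, pick_display(argc, argv)) != 0) {
        fprintf(stderr, "display name missing or too long\n");
        return 1;
    }
    printf("would call XOpenDisplay(\"%s\")\n", name); /* the Xlib call is not made here */
    return 0;
}
```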