[4477] in bugtraq
Re: cxterm buffer overrun
daemon@ATHENA.MIT.EDU (Sergiusz Fonrobert)
Thu May 15 09:25:44 1997
Date: Thu, 15 May 1997 12:22:44 +0200
Reply-To: Sergiusz Fonrobert <leto@ARRAKIS.CS.PUT.POZNAN.PL>
From: Sergiusz Fonrobert <leto@ARRAKIS.CS.PUT.POZNAN.PL>
X-To: Aleph One <aleph1@DFW.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.SUN.3.94.970514124016.27406G-100000@dfw.dfw.net>
On Wed, 14 May 1997, Aleph One wrote:
> ---------- Forwarded message ----------
> Date: Wed, 14 May 1997 09:30:19 -0700
> From: Ming Zhang <mzhang@softcom.net>
> Reply-To: linux-security@redhat.com
> To: linux-security@redhat.com
> Subject: [linux-security] cxterm buffer overrun
>
> cxterm is a Chinese terminal emulator for the X Window System.
> It's installed as suid-root by default if you did a make install.
> Just like xterm, it does needs to be suid to update
> /etc/utmp...blahblah...
>
> I discovered some buffer overflow bugs in it. The code
> attached below is the exploit.
>
> Quick fix? chmod -s /path/cxterm
>
This bug exits in color_xterm
I tested exploit on Slackware 3.1 and it work
leto@arrakis.cs.put.poznan.pl
