[8490] in bugtraq
Buffer overflow in Xprt
daemon@ATHENA.MIT.EDU (Paolo Molaro)
Tue Nov 10 16:58:37 1998
Mail-Followup-To: BUGTRAQ@NETSPACE.ORG
Date: Mon, 9 Nov 1998 19:24:25 +0100
Reply-To: Paolo Molaro <lupus@LETTERE.UNIPD.IT>
From: Paolo Molaro <lupus@LETTERE.UNIPD.IT>
To: BUGTRAQ@NETSPACE.ORG
There is a buffer overflow in the PostScript backend of the
Xprint server: look at the S_OutStr() function in the file psout.c.
A user-supplied variable-length string is stored in a 512 sized buffer.
This bug is present in version R6, public-patch-3 and later.
WORKAROUND: do not run the Xprt server.
FIX: make the function malloc() a buffer big enough and recompile.
xfree86 and opengroup have been notified a while ago.
lupus
--
"The number of UNIX installations has grown to 10, with more expected."
- _The UNIX Programmer's Manual_, Second Edition, June, 1972.
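
Added example, not part of the original post and not the Xprt source: a sketch of the FIX above, sizing a malloc()ed buffer from the input length instead of using a fixed 512-size array. The name ps_escape_alloc and the assumption that the routine escapes the string for PostScript output (so one input byte can grow to four) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not the Xprt source: returns a malloc()ed,
 * NUL-terminated escaped copy of txt[0..len), or NULL on allocation
 * failure or size overflow. The caller frees the result. */
char *ps_escape_alloc(const char *txt, size_t len, size_t *out_len)
{
    /* Worst case: every input byte becomes a 4-byte octal escape (\ooo). */
    if (len > (SIZE_MAX - 1) / 4)
        return NULL;                      /* 4*len+1 would wrap around */
    char *buf = malloc(4 * len + 1);
    if (buf == NULL)
        return NULL;

    size_t k = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)txt[i];
        if (c == '(' || c == ')' || c == '\\') {
            buf[k++] = '\\';              /* 2 output bytes */
            buf[k++] = (char)c;
        } else if (c < 0x20 || c > 0x7e) {
            /* Non-printable byte: \ooo, exactly 4 output bytes plus NUL. */
            k += (size_t)snprintf(buf + k, 5, "\\%03o", (unsigned)c);
        } else {
            buf[k++] = (char)c;
        }
    }
    buf[k] = '\0';
    if (out_len != NULL)
        *out_len = k;
    return buf;
}

int main(void)
{
    char big[600];                        /* constructed input, longer than 512 */
    memset(big, '(', sizeof big);
    size_t n;
    char *s = ps_escape_alloc(big, sizeof big, &n);
    if (s == NULL)
        return 1;
    printf("%zu bytes in, %zu bytes out\n", sizeof big, n);
    free(s);
    return 0;
}
```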