Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1996_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1996: Re: Possible bufferoverflow condition in lpr, xterm and xload

Re: Possible bufferoverflow condition in lpr, xterm and xload

Digital Dreamer (dreamergarrison.inetcan.net)
Tue, 13 Aug 1996 00:49:16 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Arik Baratz: "Re: mail storm"
Previous message: bloodmask: "Vulnrability in all known Linux distributions"
In reply to: bloodmask: "Possible bufferoverflow condition in lpr, xterm and xload"
Next in thread: Casper Dik: "Re: Possible bufferoverflow condition in lpr, xterm and xload"

On Tue, 13 Aug 1996, bloodmask wrote:

> Greetings,

[snip]

> xterm, xload, both segmented when supplied with -display commandline
> argument / enviroment variable above it's buffer size. Probably
> exploitable, although i haven't gotten around to veryfing this myself,
> I'd like to here comments concerning this suspicioun of mine.

The fact that it's in the -display variable, which isn't handled by
the program but rather the X toolkit it was compiled with, implies
that this could be a problem with all X programs using this particular
toolkit.  I'm pretty sure Xterm is compiled with the Athena set, which
is (I beleive) the most common library, followed by Mosaic.

dreamer

Next message: Arik Baratz: "Re: mail storm"
Previous message: bloodmask: "Vulnrability in all known Linux distributions"
In reply to: bloodmask: "Possible bufferoverflow condition in lpr, xterm and xload"
Next in thread: Casper Dik: "Re: Possible bufferoverflow condition in lpr, xterm and xload"