Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Buffer overflow in XprtPaolo Molaro (lupusLETTERE.UNIPD.IT)
Mon, 9 Nov 1998 19:24:25 +0100
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Greg A. Woods: "Re: tcpd -DPARANOID doesn't work, and never did"
- Previous message: Andi Kleen: "Re: Sendmail, lynx, Netscape, sshd, Linux kernel (twice)"
There is a buffer overflow in the postscript backend of the Xprint server: look at the S_OutStr() function in the file psout.c. A user-supplied variable-lenght string is stored in a 512 sized buffer. This bug is present in version R6, public-patch-3 and later. WORKAROUND: do not run the Xprt server. FIX: make the function malloc() a buffer big enough and recompile. xfree86 and opengroup have been notified a while ago. lupus -- "The number of UNIX installations has grown to 10, with more expected." - _The UNIX Programmer's Manual_, Second Edition, June, 1972.