Bugtraq mailing list archives

Re: Possible bufferoverflow condition in lpr, xterm and xload

From: ficusk () on-ramp ior com (Ficus Kirkpatrick)
Date: Tue, 13 Aug 1996 08:38:09 -0700


   > xterm, xload, both segmented when supplied with -display commandline
   > argument / enviroment variable above it's buffer size. Probably
   > exploitable, although i haven't gotten around to veryfing this myself,
   > I'd like to here comments concerning this suspicioun of mine.

   The fact that it's in the -display variable, which isn't handled by
   the program but rather the X toolkit it was compiled with, implies
   that this could be a problem with all X programs using this particular
   toolkit.  I'm pretty sure Xterm is compiled with the Athena set, which
   is (I beleive) the most common library, followed by Mosaic.

I think you mean Motif. Also, there are a lot of programs that handle
the -display option by themselves and just use the value they get to
call XOpenDisplay(). So, don't discount anything that's not using either
the Athena or Motif widgets.

ficus

Current thread:

Re: libresolv+ bug, (continued)
- - - Re: libresolv+ bug Alan Cox (Aug 19)
    - Re: libresolv+ bug Steve Czetty (Aug 19)
    - real time decode of tcpdump output Michael Ryan (Aug 19)
    - WU.FTPD vulnerability: gnu tar possibly others Alan Cox (Aug 19)
    - Re: WU.FTPD vulnerability: gnu tar possibly others Pedro Melo (Aug 19)
    - Re: WU.FTPD vulnerability: gnu tar possibly others Christian Limpach (Aug 19)
    - SECURITY FIX/UPDATE: anonftp Elliot Lee (Aug 19)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload Igor Chudov @ home (Aug 18)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload Evil Pete (Aug 18)
    - CERT Advisory CA-96.18 - Vulnerability in fm_fls CERT Advisory (Aug 14)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload Ficus Kirkpatrick (Aug 13)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload Alexander O. Yuriev (Aug 14)
    - Tracking tools? David Miller (Aug 14)
    - Re: Tracking tools? Gene Titus (Aug 15)
    - Re: Tracking tools? neill (Aug 15)
    - Re: Tracking tools? Tracy R. Reed (Aug 15)
    - SGI Security Advisory 19960801-01-PX, SGI Security Coordinator (Aug 17)
    - CERT Advisory CA-96.19 - Vulnerability in expreserve Pete Ashdown (Aug 15)
    - Re: CERT Advisory CA-96.19 - Vulnerability in expreserve Casper Dik (Aug 18)
    - Re: Tracking tools? Greg Miller (Aug 15)
    - Re: mail storm Valdis.Kletnieks () vt edu (Aug 13)

(Thread continues...)