Bugtraq mailing list archives
Re: Possible bufferoverflow condition in lpr, xterm and xload
From: exidor () superior net (Christopher Masto)
Date: Wed, 14 Aug 1996 09:51:26 -0400
s/Mosaic/Motif/ xterm is indeed linked with libXaw... Along with a bunch of other libraries. But the display environment variable is handled, I think, by the X Intrinsics toolkit, libXt. If both xload and xterm behave the same way, then chances are the bug's in the library. I don't know how close the XFree86 implmentation of libXt is, but this *may* be a bug inherited from MIT's distribution. A quick check of SGI's xterm and xload show that a DISPLAY variable that's 8192 bytes doesn't cause them any grief. On the other hand, SGI could have totally rewritten X. I wouldn't put it past them.
nimbus:~$ a='gibberish' nimbus:~$ for i in 1 2 3 4 5 6 7 8 9 10 11 12; do a=$a$a; done nimbus:~$ echo $a | wc -c 36865 nimbus:~$ xterm -display $a Bus error nimbus:~$ uname -sr FreeBSD 2.1.5-RELEASE -- Christopher Masto
Current thread:
- Re: Vulnrability in all known Linux distributions, (continued)
- Re: Vulnrability in all known Linux distributions Alan Brown (Aug 13)
- Re: Vulnrability in all known Linux distributions Elliot Lee (Aug 13)
- Re: Vulnrability in all known Linux distributions Alan Cox (Aug 14)
- mount/umount realpath() buffer overflow David J. Meltzer (Aug 13)
- Possible bufferoverflow condition in lpr, xterm and xload bloodmask (Aug 12)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Digital Dreamer (Aug 12)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Casper Dik (Aug 13)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Mike Acar (Aug 13)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Elliot Lee (Aug 13)
- why suid mount (was Re: Possible bufferoverflow condition in lpr, Bryan Reece (Aug 13)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Christopher Masto (Aug 14)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Brian Tao (Aug 15)
- Re: Possible bufferoverflow condition in lpr, xterm and xload *Unknown* (Aug 17)
- Re: libresolv+ bug Theo Van Dinter (Aug 17)
- Re: libresolv+ bug Brian Mitchell (Aug 18)
- Re: libresolv+ bug Jon Lewis (Aug 18)
- Re: libresolv+ bug Alan Cox (Aug 19)
- libresolv Xarthon (Aug 18)
- Re: libresolv Xarthon (Aug 18)
- Re: libresolv+ bug Nelson Murilo (Aug 18)
- Re: libresolv+ bug Brian Mitchell (Aug 18)