Bugtraq mailing list archives
Buffer overflow in Xprt
From: lupus () LETTERE UNIPD IT (Paolo Molaro)
Date: Mon, 9 Nov 1998 19:24:25 +0100
There is a buffer overflow in the postscript backend of the Xprint server: look at the S_OutStr() function in the file psout.c. A user-supplied variable-lenght string is stored in a 512 sized buffer. This bug is present in version R6, public-patch-3 and later. WORKAROUND: do not run the Xprt server. FIX: make the function malloc() a buffer big enough and recompile. xfree86 and opengroup have been notified a while ago. lupus -- "The number of UNIX installations has grown to 10, with more expected." - _The UNIX Programmer's Manual_, Second Edition, June, 1972.
Current thread:
- Several new CGI vulnerabilities xnec (Nov 09)
- Vulnerabilities with Swish Job de Haas (Nov 09)
- Re: Several new CGI vulnerabilities Karl Hanmore (Nov 10)
- Re: Several new CGI vulnerabilities Gus (Nov 10)
- Buffer overflow in Xprt Paolo Molaro (Nov 09)
- Re: Several new CGI vulnerabilities Lincoln Stein (Nov 10)
- Re: Sendmail, lynx, Netscape, sshd, Linux kernel (twice) Andi Kleen (Nov 10)
- Re: Sendmail, lynx, Netscape, sshd, Linux kernel (twice) David S. Miller (Nov 11)
- Vulnerabilities with Swish Jochen Thomas Bauer (Nov 10)
- <Possible follow-ups>
- Re: Several new CGI vulnerabilities Lincoln Stein (Nov 12)