Bugtraq mailing list archives

Re: Possible bufferoverflow condition in lpr, xterm and xload


From: @ (Igor Chudov @ home)
Date: Sun, 18 Aug 1996 09:34:47 -0500


*Unknown* wrote:
    I'm running XFree86 3.1.2E on a FreeBSD 2.2-960801-SNAP system...
``xterm -display `perl -e "print 'abcde' x 1000, ':0';"`'' causes a
segfault (but doesn't drop a core).

I am running XFree86 as well on a Linux 2.0.7 (redhat) system.

xterm -display `perl -e "print 'a' x 2000"` caused xterm to segfault with
no core drop (notice I left off the :0 and it segfaulted). I've tried to
gain a root shell, but with no success so far.

By the way, it did not crash my xterm.

How about the real solution to the xterm woes:

1. Make utmp and wtmp owned by user root, group (say) acctg, and mode 664.
2. Instead of setuiding xterm as root, make it setgid acctg.

This way the worst consequence of hacking xterm would be compromise of
accounting files, but not the root user.

Is there anything else that xterm needs to do as root besides updating
{w|u}tmp? I don't think so; I made a copy in mode 755 and it worked
fine with the -ut option.

        - Igor.
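
The layout proposed in the message above, checked by a small audit function. This is an added example, not part of the original post; the function names and the `ACCT_OWNER_UID` variable are hypothetical, and the paths passed in are whatever the local system uses for xterm, utmp and wtmp.

```shell
#!/bin/sh
# Added example: audits the two-step layout from the message. Names are hypothetical.
# Usage: audit_xterm_privs /path/to/xterm /path/to/utmp /path/to/wtmp
# ACCT_OWNER_UID is the uid expected to own utmp/wtmp (root, uid 0, by default).

# Print "mode uid gid" for one file; ls -ln reports numeric ids.
file_meta() {
    ls -lnd -- "$1" | awk '{ print substr($1, 1, 10), $3, $4 }'
}

audit_xterm_privs() {
    bin=$1; shift
    rc=0
    [ -f "$bin" ] || { echo "FAIL $bin: not found"; return 1; }
    bin_gid=$(file_meta "$bin" | cut -d' ' -f3)
    # Step 2 of the proposal: setgid to the accounting group, not setuid.
    if [ -u "$bin" ]; then echo "FAIL $bin: setuid bit is set"; rc=1; fi
    if [ ! -g "$bin" ]; then echo "FAIL $bin: setgid bit is not set"; rc=1; fi
    # Step 1: accounting files owned by root, in the binary's group, mode 664.
    for f in "$@"; do
        [ -f "$f" ] || { echo "FAIL $f: not found"; rc=1; continue; }
        meta=$(file_meta "$f")
        mode=${meta%% *}
        rest=${meta#* }
        uid=${rest% *}
        gid=${rest#* }
        [ "$mode" = "-rw-rw-r--" ] || { echo "FAIL $f: mode $mode, want -rw-rw-r--"; rc=1; }
        [ "$uid" = "${ACCT_OWNER_UID:-0}" ] || { echo "FAIL $f: owner uid $uid"; rc=1; }
        [ "$gid" = "$bin_gid" ] || { echo "FAIL $f: gid $gid, binary gid $bin_gid"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}
```

The function prints one `FAIL` line per deviation and returns non-zero if any is found, so it can run from a periodic permissions check.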


