Bugtraq mailing list archives

Re: Possible bufferoverflow condition in lpr, xterm and xload

From: dreamer () garrison inetcan net (Digital Dreamer)
Date: Tue, 13 Aug 1996 00:49:16 -0600


On Tue, 13 Aug 1996, bloodmask wrote:

Greetings,


[snip]

xterm, xload, both segmented when supplied with -display commandline
argument / enviroment variable above it's buffer size. Probably
exploitable, although i haven't gotten around to veryfing this myself,
I'd like to here comments concerning this suspicioun of mine.


The fact that it's in the -display variable, which isn't handled by
the program but rather the X toolkit it was compiled with, implies
that this could be a problem with all X programs using this particular
toolkit.  I'm pretty sure Xterm is compiled with the Athena set, which
is (I beleive) the most common library, followed by Mosaic.

dreamer

Current thread:

Re: mail storm, (continued)
- - - Re: mail storm Arik Baratz (Aug 13)
    - Re: mail storm Albert Lunde (Aug 12)
    - Re: mail storm Igor Chudov @ home (Aug 12)
    - Vulnrability in all known Linux distributions bloodmask (Aug 12)
    - Re: Vulnrability in all known Linux distributions Steve Czetty (Aug 13)
    - Re: Vulnrability in all known Linux distributions Alan Brown (Aug 13)
    - Re: Vulnrability in all known Linux distributions Elliot Lee (Aug 13)
    - Re: Vulnrability in all known Linux distributions Alan Cox (Aug 14)
    - mount/umount realpath() buffer overflow David J. Meltzer (Aug 13)
    - Possible bufferoverflow condition in lpr, xterm and xload bloodmask (Aug 12)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload Digital Dreamer (Aug 12)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload Casper Dik (Aug 13)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload Mike Acar (Aug 13)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload Elliot Lee (Aug 13)
    - why suid mount (was Re: Possible bufferoverflow condition in lpr, Bryan Reece (Aug 13)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload Christopher Masto (Aug 14)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload Brian Tao (Aug 15)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload *Unknown* (Aug 17)
    - Re: libresolv+ bug Theo Van Dinter (Aug 17)
    - Re: libresolv+ bug Brian Mitchell (Aug 18)
    - Re: libresolv+ bug Jon Lewis (Aug 18)

(Thread continues...)