oss-sec mailing list archives
Re: Re: Debian / xterm #779397
From: Simon McVittie <smcv () debian org>
Date: Tue, 03 Mar 2015 10:06:30 +0000
On 03/03/15 09:19, Thomas Dickey wrote:
| From: "Kurt Seifried" <kseifried () redhat com> | | $ xterm -S/dev/pts/20 | *** buffer overflow detected ***: /usr/bin/xterm terminated | | Did this get a CVE? I don't see a DSA for xterm. no - someone mentioned the problem in an email - nothing more was said
There's some discussion on the Debian bug about whether this should be considered to be a security vulnerability, or just a bug. Not every buffer overflow is a vulnerability: it can only be a vulnerability if an attacker can trigger it. Is there any reason why it would be useful/sensible to pass untrusted (pseudo-terminal filename, fd) pairs to the -S option? It seems to me that if you're passing partially or entirely attacker-controlled filenames to this option, you have probably already lost. S
Current thread:
- Debian / xterm #779397 Kurt Seifried (Mar 02)
- Re: Debian / xterm #779397 Thomas Dickey (Mar 03)
- Re: Re: Debian / xterm #779397 Simon McVittie (Mar 03)
- Re: Re: Debian / xterm #779397 Marcus Meissner (Mar 03)
- Re: Re: Debian / xterm #779397 Stephane Chazelas (Mar 03)
- Re: Re: Debian / xterm #779397 Simon McVittie (Mar 03)
- Re: Debian / xterm #779397 Thomas Dickey (Mar 03)