CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Vulnerability Note VU#169059

X11 vulnerable to buffer overflow in handling of -xrm option

Overview

The X11 library included with many UNIX variants contains a buffer-overflow vulnerability that may allow attackers to gain root privileges.

I. Description

The X11 library contains an unspecified buffer-overflow vulnerability. Programs that use this library and accept the -xrm option (including xterm) also contain this vulnerability.

II. Impact

Attackers may be able to gain root privileges by exploiting affected setuid root programs (such as xterm) that use the X11 library.

III. Solution

Apply a patch

See the Systems Affected section for details, or contact your vendor directly.
None.

Systems Affected

VendorStatusDate Updated
Apple Computer Inc.Not Vulnerable16-Sep-2002
Hewlett-Packard CompanyNot Vulnerable24-Mar-2003
MontaVista SoftwareNot Vulnerable16-Sep-2002
Openwall GNU/*/Linux Not Vulnerable16-Sep-2002
The SCO Group (SCO UnixWare)Vulnerable13-Sep-2002

References


http://ciac.llnl.gov/ciac/bulletins/h-92a.shtml
ftp://ftp.x.org/pub/R6.3/fixes/fix-02
http://stage.caldera.com/support/security/
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.15/CSSA-2002-SCO.15.txt

Credit

Thanks to jG gM for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

Date Public05/28/1997
Date First Published09/16/2002 05:34:59 PM
Date Last Updated03/24/2003
CERT Advisory 
CVE NameCAN-2002-0517
Metric6.78
Document Revision15

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Copyright 2002 Carnegie Mellon University