Vulnerability Note VU#169059
X11 vulnerable to buffer overflow in handling of -xrm option
The X11 library included with many UNIX variants contains a buffer-overflow vulnerability that may allow attackers to gain root privileges.
The X11 library contains an unspecified buffer-overflow vulnerability. Programs that use this library and accept the -xrm option (including xterm) also contain this vulnerability.
Attackers may be able to gain root privileges by exploiting affected setuid root programs (such as xterm) that use the X11 library.
Apply a patch
See the Systems Affected section for details, or contact your vendor directly.
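A triage check for the impact described above, added here as an example and not part of the CERT/CC note: it lists the setuid-root executables whose dynamic dependencies include libX11, which are the programs a vendor patch needs to cover first. The function names and default directories are assumptions, and the `ldd` output format assumed is the Linux-style one.

```shell
#!/bin/sh
# Added example: inventory setuid-root programs that load the X11 library.
# Statically linked programs are not detected, because ldd only reports
# shared-library dependencies.

# Succeeds when the dynamic dependencies of "$1" include libX11.
# ldd resolves transitive dependencies (for example via libXt); run it only
# on system binaries you trust, since some ldd implementations invoke the
# target's loader.
uses_libx11() {
    ldd "$1" 2>/dev/null | grep -q 'libX11\.so'
}

# Print every setuid-root regular file under the given directories
# that loads libX11, one path per line.
find_setuid_x11() {
    find "$@" -xdev -type f -user root -perm -4000 2>/dev/null |
    while IFS= read -r bin; do
        if uses_libx11 "$bin"; then
            printf '%s\n' "$bin"
        fi
    done
}

# Default search path is an assumption; pass your own directories as arguments.
if [ "$#" -gt 0 ]; then
    find_setuid_x11 "$@"
else
    find_setuid_x11 /usr/bin /usr/sbin /usr/X11R6/bin
fi
```

Any path it prints is a candidate for patching first or, until a patch is installed, for review of whether the setuid bit is still required.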
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| The SCO Group (SCO UnixWare) | Affected | 28 Jan 2002 | 13 Sep 2002 |
| Apple Computer Inc. | Not Affected | 12 Sep 2002 | 16 Sep 2002 |
| Hewlett-Packard Company | Not Affected | 12 Sep 2002 | 24 Mar 2003 |
| MontaVista Software | Not Affected | 12 Sep 2002 | 16 Sep 2002 |
| Openwall GNU/*/Linux | Not Affected | 12 Sep 2002 | 16 Sep 2002 |
Thanks to jG gM for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
- CVE IDs: CAN-2002-0517
- Date Public: 28 May 97
- Date First Published: 16 Sep 2002
- Date Last Updated: 24 Mar 2003
- Severity Metric: 6.78
- Document Revision: 15