The SCO Group (SCO UnixWare) Information for VU#169059
X11 vulnerable to buffer overflow in handling of -xrm option
- Date Notified: 28 Jan 2002
- Statement Date:
- Date Updated: 13 Sep 2002
Any command linked to this library that accepts the -xrm option [including xterm] will core dump if a long string is used as the argument. Any setuid setgid program that accepts the -xrm option is vulnerable to attack.
We now have fixes for this issue for both Open UNIX and UnixWare on our security website:
as advisory CSSA-2002-SCO.15.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.