The SCO Group (SCO UnixWare) Information for VU#169059

X11 vulnerable to buffer overflow in handling of -xrm option



Vendor Statement

Any command linked to this library that accepts the -xrm option [including xterm] will core dump if a long string is used as the argument. Any setuid setgid program that accepts the -xrm option is vulnerable to attack.

We now have fixes for this issue for both Open UNIX and UnixWare on our security website:

as advisory CSSA-2002-SCO.15.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.
