Linux xosview Vulnerability

xosview is an X11 system monitoring application that ships with RedHat 5.1 installed setuid root. A buffer overflow vulnerability was found in Xrm.cc, the offending code listed below:

char userrfilename[1024];

strcpy(userrfilename, getenv("HOME"));

The userfilename can be overflowed and arbritrary code executed to gain root access locally.


 

Privacy Statement
Copyright 2010, SecurityFocus