XConq Multiple Environment Variable Buffer Overflow Vulnerabilities

info
discussion
exploit
solution
references

XConq Multiple Environment Variable Buffer Overflow Vulnerabilities

Multiple locally exploitable buffer overflows have been reported in xconq. This is due to insufficient bounds checking of data supplied via the USER and DISPLAY environment variables, and could allow execution of code in the context of the program, which is typically installed setgid 'games'.

This issue appears similar to BID 1495.