Multiple X application libX11 _XAsyncReply() Stack Corruption Vulnerability

Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

If xterm and other applications are not setuid, this attack will not work. The attack does not require the X server to be present on the local machine: by setting the DISPLAY variable, the client can be pointed at an exploit version of an X server anywhere on the internet, on a fairly arbitrary port.
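Since the attack depends on the X client being setuid, a practical check is to inventory setuid/setgid binaries that reference libX11 so the bit can be reviewed or removed. The script below is an added example, not part of the SecurityFocus advisory. The function names, the directory list and the byte-scan heuristic (which misses statically linked binaries) are assumptions.

```python
import os
import stat

NEEDLE = b"libX11.so"  # soname prefix as stored in an ELF dynamic string table
CHUNK = 1 << 20


def references_libx11(path):
    """True if the file contains the libX11 soname (heuristic, not an ELF parse)."""
    tail = b""
    try:
        with open(path, "rb") as fh:
            while True:
                block = fh.read(CHUNK)
                if not block:
                    return False
                if NEEDLE in tail + block:
                    return True
                # keep an overlap so a match split across chunks is still seen
                tail = block[-(len(NEEDLE) - 1):]
    except OSError:
        return False  # unreadable: re-run with enough privilege to read it


def setuid_x11_clients(roots):
    """Return sorted (path, octal mode, owner uid) for setuid/setgid libX11 users."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)  # lstat: do not follow symlinks
                except OSError:
                    continue
                if not stat.S_ISREG(st.st_mode):
                    continue
                privileged = st.st_mode & (stat.S_ISUID | stat.S_ISGID)
                if privileged and references_libx11(path):
                    hits.append((path, oct(stat.S_IMODE(st.st_mode)), st.st_uid))
    return sorted(hits)


if __name__ == "__main__":
    # Assumed search paths; adjust to where X clients live on the system.
    for path, mode, uid in setuid_x11_clients(["/usr/bin", "/usr/local/bin", "/usr/X11R6/bin"]):
        print(f"{mode} uid={uid} {path}")
```

Each reported file is a candidate for dropping the setuid bit where the application does not need it.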



 

Copyright 2010, SecurityFocus