XTerm Title Bar Buffer Overflow Vulnerability

XFree86 is a freely available implementation of the X Window System. It is maintained by public domain, and package with many Linux, Unix and Unix clone operating systems.

A problem could allow an attacker to overwrite stack variables, including the return address of the process. An excessively long string is supplied with the -title option of xterm results in a buffer overflow.

Since xterm is included on most systems as a setuid root executable, this makes it possible for a malicious local user to execute arbitrary code as root.


Privacy Statement
Copyright 2010, SecurityFocus