• info
• discussion
• exploit
• solution
• references

WindowMaker Image Handling Buffer Overflow Vulnerability

Solution:
Mandrake has released an advisory, MDKSA-2002:085, containing fixes. Information about obtaining and applying fixes can be found in the referenced advisory.

Red Hat has released advisory RHSA-2003:043-14 with fixes to address this issue.

Sun Microsystems has released a fix for Sun Linux 5.0.6.

Red Hat has released advisory RHSA-2003:009-09 to address this issue in their Linux Enterprise software. Relevant patches are available through the Red Hat Network. See the referenced advisory for additional details.

SGI has released an advisory (20031002-01-U) pertaining to their ProPack Linux distribution. The advisory has been released in response to a number of RHSA advisories, and includes a patch (Patch 10027) containing updated RPM packages relating to 22 different BIDS.

Patch 10027 can be obtained via the following link:
http://support.sgi.com/

For information regarding how to obtain individual RPM packages included in Patch 10027, please see the attached advisory.

Debian and Conectiva have released fixes:


Windowmaker Windowmaker 0.61.1

• RedHat WindowMaker-0.61.1-2.3.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/WindowMaker-0.61.1-2.3.i386.rp m

Windowmaker Windowmaker 0.62.1

• Conectiva WindowMaker-0.62.1-13U60_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/WindowMaker-0.62.1-13U60_ 2cl.i386.rpm


• Conectiva WindowMaker-0.62.1-13U60_2cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/WindowMaker-0.62.1-13U60 _2cl.src.rpm


• Conectiva WindowMaker-devel-0.62.1-13U60_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/WindowMaker-devel-0.62.1- 13U60_2cl.i386.rpm

Windowmaker Windowmaker 0.64

• RedHat WindowMaker-0.64.0-2.3.ppc.rpm
  ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/WindowMaker-0.64.0-2.3. ppc.rpm


• RedHat WindowMaker-0.64.0-2.3.ppc.rpm
  ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/WindowMaker-0.64.0-2.3. ppc.rpm


• RedHat WindowMaker-libs-0.64.0-2.3.ppc.rpm
  ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/WindowMaker-libs-0.64.0 -2.3.ppc.rpm


• RedHat WindowMaker-libs-0.64.0-2.3.ppc.rpm
  ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/WindowMaker-libs-0.64.0 -2.3.ppc.rpm


• RedHat WindowMaker-0.64.0-2.3.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/WindowMaker-0.64.0-2.3.i386.rp m


• RedHat WindowMaker-0.64.0-2.3.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/WindowMaker-0.64.0-2.3.i386.rp m


• RedHat WindowMaker-libs-0.64.0-2.3.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/WindowMaker-libs-0.64.0-2.3.i3 86.rpm


• RedHat WindowMaker-libs-0.64.0-2.3.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/WindowMaker-libs-0.64.0-2.3.i3 86.rpm


• Sun WindowMaker-0.65.1-4.2.i386.rpm
  ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/WindowMaker-0.65.1-4.2.i386.rpm

Windowmaker Windowmaker 0.65.1

• Conectiva WindowMaker-0.65.1-2U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-0.65.1-2U70_2 cl.i386.rpm


• Conectiva WindowMaker-0.65.1-2U70_2cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/WindowMaker-0.65.1-2U70_ 2cl.src.rpm


• Conectiva WindowMaker-devel-0.65.1-2U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-devel-0.65.1- 2U70_2cl.i386.rpm


• Conectiva WindowMaker-devel-static-0.65.1-2U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-devel-static- 0.65.1-2U70_2cl.i386.rpm


• Conectiva WindowMaker-doc-0.65.1-2U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-doc-0.65.1-2U 70_2cl.i386.rpm


• RedHat WindowMaker-0.65.1-4.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/WindowMaker-0.65.1-4.2.i386.rp m


• RedHat WindowMaker-0.65.1-4.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/WindowMaker-0.65.1-4.2.ia64.rp m


• RedHat WindowMaker-libs-0.65.1-4.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/WindowMaker-libs-0.65.1-4.2.i3 86.rpm


• RedHat WindowMaker-libs-0.65.1-4.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/WindowMaker-libs-0.65.1-4.2.ia 64.rpm

Windowmaker Windowmaker 0.80

• Conectiva libwraster-2.2.0-13U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/libwraster-2.2.0-13U80_1cl. i386.rpm


• Conectiva libwraster-devel-2.2.0-13U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/libwraster-devel-2.2.0-13U8 0_1cl.i386.rpm


• Conectiva libwraster-devel-static-2.2.0-13U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/libwraster-devel-static-2.2 .0-13U80_1cl.i386.rpm


• Conectiva WindowMaker-0.80.0-3U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-0.80.0-3U80_1cl .i386.rpm


• Conectiva WindowMaker-0.80.0-3U80_1cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/8/SRPMS/WindowMaker-0.80.0-3U80_1c l.src.rpm


• Conectiva WindowMaker-devel-0.80.0-3U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-devel-0.80.0-3U 80_1cl.i386.rpm


• Conectiva WindowMaker-devel-static-0.80.0-3U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-devel-static-0. 80.0-3U80_1cl.i386.rpm


• Conectiva WindowMaker-doc-0.80.0-3U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-doc-0.80.0-3U80 _1cl.i386.rpm


• Debian libwings-dev_0.80.0-4.1_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.8 0.0-4.1_alpha.deb


• Debian libwings-dev_0.80.0-4.1_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.8 0.0-4.1_arm.deb


• Debian libwings-dev_0.80.0-4.1_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.8 0.0-4.1_hppa.deb


• Debian libwings-dev_0.80.0-4.1_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.8 0.0-4.1_i386.deb


• Debian libwings-dev_0.80.0-4.1_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.8 0.0-4.1_ia64.deb


• Debian libwings-dev_0.80.0-4.1_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.8 0.0-4.1_m68k.deb


• Debian libwings-dev_0.80.0-4.1_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.8 0.0-4.1_mips.deb


• Debian libwings-dev_0.80.0-4.1_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.8 0.0-4.1_powerpc.deb


• Debian libwings-dev_0.80.0-4.1_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.8 0.0-4.1_s390.deb


• Debian libwings-dev_0.80.0-4.1_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.8 0.0-4.1_sparc.deb


• Debian libwmaker0-dev_0.80.0-4.1_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0 .80.0-4.1_alpha.deb


• Debian libwmaker0-dev_0.80.0-4.1_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0 .80.0-4.1_arm.deb


• Debian libwmaker0-dev_0.80.0-4.1_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0 .80.0-4.1_hppa.deb


• Debian libwmaker0-dev_0.80.0-4.1_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0 .80.0-4.1_i386.deb


• Debian libwmaker0-dev_0.80.0-4.1_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0 .80.0-4.1_ia64.deb


• Debian libwmaker0-dev_0.80.0-4.1_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0 .80.0-4.1_m68k.deb


• Debian libwmaker0-dev_0.80.0-4.1_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0 .80.0-4.1_mips.deb


• Debian libwmaker0-dev_0.80.0-4.1_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0 .80.0-4.1_powerpc.deb


• Debian libwmaker0-dev_0.80.0-4.1_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0 .80.0-4.1_s390.deb


• Debian libwmaker0-dev_0.80.0-4.1_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0 .80.0-4.1_sparc.deb


• Debian libwraster2-dev_0.80.0-4.1_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_ 0.80.0-4.1_alpha.deb


• Debian libwraster2-dev_0.80.0-4.1_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_ 0.80.0-4.1_arm.deb


• Debian libwraster2-dev_0.80.0-4.1_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_ 0.80.0-4.1_hppa.deb


• Debian libwraster2-dev_0.80.0-4.1_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_ 0.80.0-4.1_i386.deb


• Debian libwraster2-dev_0.80.0-4.1_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_ 0.80.0-4.1_ia64.deb


• Debian libwraster2-dev_0.80.0-4.1_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_ 0.80.0-4.1_m68k.deb


• Debian libwraster2-dev_0.80.0-4.1_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_ 0.80.0-4.1_mips.deb


• Debian libwraster2-dev_0.80.0-4.1_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_ 0.80.0-4.1_powerpc.deb


• Debian libwraster2-dev_0.80.0-4.1_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_ 0.80.0-4.1_s390.deb


• Debian libwraster2-dev_0.80.0-4.1_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_ 0.80.0-4.1_sparc.deb


• Debian libwraster2_0.80.0-4.1_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80 .0-4.1_alpha.deb


• Debian libwraster2_0.80.0-4.1_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80 .0-4.1_arm.deb


• Debian libwraster2_0.80.0-4.1_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80 .0-4.1_hppa.deb


• Debian libwraster2_0.80.0-4.1_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80 .0-4.1_i386.deb


• Debian libwraster2_0.80.0-4.1_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80 .0-4.1_ia64.deb


• Debian libwraster2_0.80.0-4.1_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80 .0-4.1_m68k.deb


• Debian libwraster2_0.80.0-4.1_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80 .0-4.1_mips.deb


• Debian libwraster2_0.80.0-4.1_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80 .0-4.1_powerpc.deb


• Debian libwraster2_0.80.0-4.1_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80 .0-4.1_s390.deb


• Debian libwraster2_0.80.0-4.1_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80 .0-4.1_sparc.deb


• Debian wmaker_0.80.0-4.1_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4. 1_alpha.deb


• Debian wmaker_0.80.0-4.1_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4. 1_arm.deb


• Debian wmaker_0.80.0-4.1_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4. 1_hppa.deb


• Debian wmaker_0.80.0-4.1_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4. 1_i386.deb


• Debian wmaker_0.80.0-4.1_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4. 1_ia64.deb


• Debian wmaker_0.80.0-4.1_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4. 1_m68k.deb


• Debian wmaker_0.80.0-4.1_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4. 1_mips.deb


• Debian wmaker_0.80.0-4.1_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4. 1_powerpc.deb


• Debian wmaker_0.80.0-4.1_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4. 1_s390.deb


• Debian wmaker_0.80.0-4.1_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4. 1_sparc.deb


• RedHat WindowMaker-0.80.0-9.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/WindowMaker-0.80.0-9.3.i386.rp m


• RedHat WindowMaker-0.80.1-5.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/WindowMaker-0.80.1-5.i386.rpm


• RedHat WindowMaker-libs-0.80.0-9.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/WindowMaker-libs-0.80.0-9.3.i3 86.rpm


• RedHat WindowMaker-libs-0.80.1-5.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/WindowMaker-libs-0.80.1-5.i386 .rpm