Title: Xvt Buffer Overflow Vulnerability
Severity: HIGH
Description:
Xvt is a terminal emulator for systems using X11R6. It is often installed setuid/setgid so that it runs with the enhanced privileges required to log user sessions.
Xvt contains a buffer overflow in its handling of the '-name' argument. If the argument is excessively long, a stack overrun occurs and the excess data overwrites stack variables. This condition may permit an attacker to take control of the process by replacing a function return address with a pointer to supplied shellcode.
An attacker can exploit this buffer overflow to execute arbitrary code with the enhanced privileges of Xvt. On some systems, Xvt is installed setuid root. On these systems local attackers would gain complete control over the affected host if successful.
It may be the case that Xvt is installed with other enhanced but non-root privileges (such as gid 'utmp'). Compromise of these privileges may lead to further compromise or have other consequences (DoS, etc.).
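The class of defect described for the '-name' argument, shown beside a bounded alternative. This is an added example and not code from xvt or its author; the function names, the 64-byte buffer size and the argument-parsing layout are assumptions made for illustration.

```c
/* Added illustration, not xvt source; names and buffer size are assumed. */
#include <stdio.h>
#include <string.h>
#define XNAME_BUF 64   /* assumed size of the fixed stack buffer */

/* Pattern the advisory describes: unbounded copy of a command-line value
 * into a fixed stack buffer. Kept for contrast only; never called. */
void set_name_unsafe(const char *arg)
{
    char name[XNAME_BUF];
    strcpy(name, arg);             /* no length check: can overrun name[] */
    printf("name=%s\n", name);
}

/* Hardened form: reject a value that does not fit, NUL included. */
int set_name_safe(char *dst, size_t dstlen, const char *arg)
{
    const char *end;
    if (dst == NULL || dstlen == 0 || arg == NULL)
        return -1;
    end = memchr(arg, '\0', dstlen);   /* looks at most dstlen bytes ahead */
    if (end == NULL)                   /* no terminator within buffer size */
        return -1;
    memcpy(dst, arg, (size_t)(end - arg) + 1);
    return 0;
}

/* Scan argv for "-name <value>": 1 = set, 0 = absent, -1 = rejected. */
int parse_name_arg(int argc, char **argv, char *dst, size_t dstlen)
{
    int i;
    for (i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-name") != 0)
            continue;
        if (i + 1 >= argc)             /* option given without a value */
            return -1;
        return set_name_safe(dst, dstlen, argv[i + 1]) == 0 ? 1 : -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    char name[XNAME_BUF];
    int rc = parse_name_arg(argc, argv, name, sizeof name);
    if (rc < 0) { fputs("invalid -name argument\n", stderr); return 1; }
    if (rc > 0) printf("name=%s\n", name);
    return 0;
}
```

Rejecting the over-long value, rather than truncating it, keeps a privileged binary from continuing with input it did not fully validate.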
Affected Products:
- John Bovey xvt 2.1.0