J-Security Center

Title: Xvt -T Buffer Overflow Vulnerability

Severity: MODERATE

Description:

Xvt is a terminal emulator for systems using X11R6. It is often installed setuid/setgid so that it runs with the enhanced privileges required to log user sessions.

Xvt contains a buffer overflow in its handling of the '-T' argument. When the argument to this option is excessive in length, an invalid memory access will occur and the program will crash. The cause is not known for certain; however, it is likely that an overrun is occurring during an unbounded memory copy.

The segfault likely occurs when the process attempts to dereference pointers that have been corrupted due to the overrun.

This overflow may occur in the heap region of memory.

Though this condition may or may not be exploitable, it should be of concern because Xvt is often installed to run with enhanced privileges. On some systems, Xvt is installed setuid root. On these systems local attackers would gain complete control over the affected host if successful.

It may be the case that Xvt is installed with other enhanced but non-root privileges (such as gid 'utmp'). Compromise of these privileges may lead to further compromise or have other consequences (DoS, etc.).
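The privilege cases described above (setuid root, or other enhanced privileges such as a setgid group) can be checked on a host. The following is an added example, not part of the original advisory or of xvt itself; the function names `classify_priv` and `audit_name` and the directories passed on the command line are assumptions.

```sh
#!/bin/sh
# Added example: report how each installed copy of a binary (here xvt) is
# privileged, using the cases the advisory distinguishes.

# classify_priv PATH -> prints one of:
#   missing | unprivileged | setuid:<uid> | setgid:<gid> | setuid:<uid>,setgid:<gid>
# A result starting with "setuid:0" is the setuid-root case.
classify_priv() {
    f=$1
    [ -f "$f" ] || { echo missing; return 0; }
    # ls -n prints numeric owner (field 3) and group (field 4);
    # -L follows a symlink so the real binary is inspected.
    set -- $(ls -ldnL -- "$f")
    uid=$3
    gid=$4
    result=""
    if [ -u "$f" ]; then result="setuid:$uid"; fi
    if [ -g "$f" ]; then result="${result:+$result,}setgid:$gid"; fi
    echo "${result:-unprivileged}"
}

# audit_name NAME DIR... -> one "path<TAB>classification" line per copy found.
audit_name() {
    name=$1
    shift
    for d in "$@"; do
        if [ -f "$d/$name" ]; then
            printf '%s\t%s\n' "$d/$name" "$(classify_priv "$d/$name")"
        fi
    done
    return 0
}

# Usage (directories are assumptions; pass the ones your system uses):
#   sh audit.sh /usr/bin /usr/bin/X11 /usr/X11R6/bin
if [ $# -gt 0 ]; then
    audit_name xvt "$@"
fi
```

A line reporting `setuid:0` marks a copy where a successful exploit would yield root; a `setgid:<gid>` line marks the lesser case, where only that group's privileges are exposed.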

Affected Products:

  • Debian Linux 2.2.0
  • Debian Linux 2.2.0 68k
  • Debian Linux 2.2.0 alpha
  • Debian Linux 2.2.0 arm
  • Debian Linux 2.2.0 powerpc
  • Debian Linux 2.2.0 sparc
  • John Bovey xvt 2.1.0
