• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: WindowMaker Image Handling Buffer Overflow Vulnerability

Severity: HIGH

Description:

WindowMaker is a popular window manager for X11 systems. A buffer overflow vulnerability has been reported in WindowMaker.

The condition occurs when processing malformed images. According to the report, a buffer for the image data is allocated based on the length and width fields in the file. Allegedly, there is no bounds checking against the buffer size when reading the actual image data from the file. As a result, it may be possible to overrun the allocated buffer and corrupt adjacent memory.

Exploitation of this vulnerability requires that the victim process a specially constructed image file. This may be accomplished by including the file in a malicious "theme" and then transmitting it to the victim or placing it on a distribution HTTP/FTP server (in hopes that a victim will download it and use/preview it).

Affected Products:

• Conectiva Linux 4.2.0
• Conectiva Linux 5.0.0
• Conectiva Linux 5.1.0
• Conectiva Linux 6.0.0
• Conectiva Linux 7.0.0
• Conectiva Linux 8.0.0
• Debian Linux 2.2.0
• Debian Linux 3.0.0
• Debian Linux 3.0.0 alpha
• Debian Linux 3.0.0 arm
• Debian Linux 3.0.0 hppa
• Debian Linux 3.0.0 ia-32
• Debian Linux 3.0.0 ia-64
• Debian Linux 3.0.0 m68k
• Debian Linux 3.0.0 mips
• Debian Linux 3.0.0 mipsel
• Debian Linux 3.0.0 ppc
• Debian Linux 3.0.0 s/390
• Debian Linux 3.0.0 sparc
• FreeBSD FreeBSD 3.2.0
• MandrakeSoft Linux Mandrake 7.2.0
• MandrakeSoft Linux Mandrake 8.0.0
• MandrakeSoft Linux Mandrake 8.0.0 ppc
• MandrakeSoft Linux Mandrake 8.1.0
• MandrakeSoft Linux Mandrake 8.1.0 ia64
• MandrakeSoft Linux Mandrake 8.2.0
• MandrakeSoft Linux Mandrake 8.2.0 ppc
• MandrakeSoft Linux Mandrake 9.0.0
• RedHat Enterprise Linux AS 2.1
• RedHat Linux 5.2.0 i386
• RedHat Linux 6.0.0
• RedHat Linux 6.2.0
• RedHat Linux 6.2.0 i386
• RedHat Linux 7.0.0
• RedHat Linux 7.0.0 i386
• RedHat Linux 7.1.0
• RedHat Linux 7.1.0 i386
• RedHat Linux 7.2.0
• RedHat Linux 7.2.0 i386
• RedHat Linux 7.2.0 ia64
• RedHat Linux 7.3.0
• RedHat Linux 7.3.0 i386
• RedHat Linux 8.0.0
• RedHat Linux 8.0.0 i386
• RedHat Linux Advanced Work Station 2.1.0
• SGI ProPack 2.2.1
• SGI ProPack 2.3.0
• Sun Linux 5.0.0
• Sun Linux 5.0.6
• Windowmaker Windowmaker 0.20.1 -3
• Windowmaker Windowmaker 0.52.0 -2
• Windowmaker Windowmaker 0.53.0
• Windowmaker Windowmaker 0.61.0
• Windowmaker Windowmaker 0.61.1
• Windowmaker Windowmaker 0.62.0
• Windowmaker Windowmaker 0.62.1
• Windowmaker Windowmaker 0.63.0
• Windowmaker Windowmaker 0.63.1
• Windowmaker Windowmaker 0.64.0
• Windowmaker Windowmaker 0.65.0
• Windowmaker Windowmaker 0.65.1
• Windowmaker Windowmaker 0.80.0

References:

• Red Hat: RHSA-2003-009
• Red Hat: RHSA-2003:043-14 Updated WindowMaker packages fix vulnerability in theme-loadin
• Sun Microsystems: Sun Alert ID: 55881

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.