Posted: Sun Mar 20, 2005 8:26 pm Post subject: [ GLSA 200503-23 ] rxvt-unicode: Buffer overflow
Gentoo Linux Security Advisory
Title: rxvt-unicode: Buffer overflow (GLSA 200503-23)
Date: March 20, 2005
rxvt-unicode is vulnerable to a buffer overflow that could lead to the execution of arbitrary code.
rxvt-unicode is a clone of the well-known terminal emulator rxvt.
Vulnerable: < 5.3
Unaffected: >= 5.3
Unaffected: < 4.8
Architectures: All supported architectures
Rob Holland of the Gentoo Linux Security Audit Team discovered that rxvt-unicode fails to properly check input length.
Successful exploitation would allow an attacker to execute arbitrary code with the permissions of the user running rxvt-unicode.
There is no known workaround at this time.
All rxvt-unicode users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/rxvt-unicode-5.3"
Last edited by GLSA on Tue Jan 01, 2008 4:17 am; edited 4 times in total
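
The three version lines in the advisory combine into one affected range: 4.8 up to, but not including, 5.3. The shell sketch below is an added example, not part of the advisory; the function names `ver_lt` and `glsa_status` are hypothetical, the sample versions are constructed, and it assumes a `sort` that supports `-V` (GNU coreutils).

```shell
#!/bin/sh
# Added example: classify an rxvt-unicode version against the ranges
# given in GLSA 200503-23. Assumes sort(1) supports -V (version sort).

# ver_lt A B: succeeds when version A sorts strictly before version B.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# glsa_status VERSION: prints "vulnerable" or "unaffected".
glsa_status() {
    # Drop a Gentoo revision suffix such as -r1; it cannot move a
    # version across either boundary (4.8 or 5.3).
    v=${1%%-r[0-9]*}
    if ver_lt "$v" 4.8; then
        echo unaffected         # Unaffected: < 4.8
    elif ver_lt "$v" 5.3; then
        echo vulnerable         # Vulnerable: < 5.3 (and not below 4.8)
    else
        echo unaffected         # Unaffected: >= 5.3
    fi
}

# Constructed sample versions (not taken from the advisory).
for v in 4.7 4.8 5.2-r1 5.3 5.10; do
    printf '%-8s %s\n' "$v" "$(glsa_status "$v")"
done
```

A plain string or decimal comparison would misplace 5.10 below 5.3, and reading only the "Vulnerable: < 5.3" line would wrongly flag 4.7.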