GLSA
Administrator
Joined: 27 Jun 2003
Posts: 4975
Location: Gothenburg, Sweden
|
 Posted: Sun Mar 20, 2005 8:26 pm Post subject: [ GLSA 200503-23 ] rxvt-unicode: Buffer overflow |
 |
|
Gentoo Linux Security Advisory
Title: rxvt-unicode: Buffer overflow (GLSA 200503-23)
Severity: normal
Exploitable: remote
Date: March 20, 2005
Bug(s): #84680
ID: 200503-23
Synopsis
rxvt-unicode is vulnerable to a buffer overflow that could lead to the
execution of arbitrary code.
Background
rxvt-unicode is a clone of the well known terminal emulator rxvt.
Affected Packages
Package: x11-terms/rxvt-unicode
Vulnerable: < 5.3
Unaffected: >= 5.3
Unaffected: < 4.8
Architectures: All supported architectures
Description
Rob Holland of the Gentoo Linux Security Audit Team discovered
that rxvt-unicode fails to properly check input length.
Impact
Successful exploitation would allow an attacker to execute
arbitrary code with the permissions of the user running rxvt-unicode.
Workaround
There is no known workaround at this time.
Resolution
All rxvt-unicode users should upgrade to the latest version:
| Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/rxvt-unicode-5.3" |
References
CAN-2005-0764
Last edited by GLSA on Mon Jan 20, 2014 8:23 am; edited 6 times in total |
|
News & Announcements
