Debian Security Advisory: rxvt buffer overflow

by platon on June 18th, 2001

Samuel Dralet reported on bugtraq that version 2.6.2 of rxvt (a VT102 terminal emulator for X) has a buffer overflow in the tt_printf() function. A local user could abuse this by making rxvt print a special string using that function, for example by using the -T or -name command-line options. That string would cause a stack overflow and contain code which rxvt will execute.




Since rxvt is installed sgid utmp, an attacker could use this
to gain utmp group privileges, which would allow him to modify the utmp file.


This has been fixed in version 2.6.2-2.1, and we recommend that
you upgrade your rxvt package.



wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
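
The bug class described above is an unbounded printf-style write into a fixed-size stack buffer. The following added example (not rxvt's code and not part of the advisory) shows the bounded counterpart, which rejects oversized input instead of overflowing. The buffer size, the function names and the format string are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define TT_BUF_SIZE 256 /* assumed buffer size, not taken from rxvt's source */

/* Unbounded pattern behind this bug class (for contrast only, never compiled):
 *     char buf[TT_BUF_SIZE];
 *     vsprintf(buf, fmt, ap);    writes past buf when the expansion is longer
 */

/* Bounded formatter: returns the number of bytes stored (excluding the NUL),
 * or -1 if the expanded string does not fit in out. */
static int tt_format_bounded(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (out == NULL || outsz == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0'; /* reject rather than emit a silently truncated string */
        return -1;
    }
    return n;
}

/* Hypothetical caller: formats a string that came from the command line. */
static int format_option(const char *value, char *out, size_t outsz)
{
    return tt_format_bounded(out, outsz, "name=%s\n", value);
}

int main(void)
{
    char out[TT_BUF_SIZE], big[1024];

    memset(big, 'A', sizeof big - 1); /* constructed oversized argument */
    big[sizeof big - 1] = '\0';
    printf("short: %d\n", format_option("rxvt", out, sizeof out));
    printf("long:  %d\n", format_option(big, out, sizeof out));
    return 0;
}
```

Checking the return value of vsnprintf against the buffer size is what turns silent truncation into an explicit rejection the caller can handle.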


