Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Window Maker Window Title Buffer Overflow

Window Maker Window Title Buffer Overflow

by Phiber on September 22nd, 2001 WindowMaker contains a buffer overflow that may be exploitable by remote attackers. The overflow conditions are present when X11 applications are setting the title of their windows.


The 'sprintf' libc function allows for the construction of a string based on format specifiers. Unfortunately there is no bounds checking done by 'sprintf'. If the length of the created string exceeds the length of the buffer allocated for it, 'sprintf' will write the excessive data to neighboring memory. There are numerous instances of 'sprintf' usage that may each be exploitable involving setting the window title. Because the application is responsible for setting the window title, this vulnerability can be exploited by malicious X11 programs.


- This vulnerability can be exploited by remote hosts that are allowed to connect to the Xserver. On some systems, default configurations permitting any hosts to connect to the XServer may open up the host on which Window Maker is running to remote compromise.


- This vulnerability can be exploited by X11 applications which can connect to the Xserver. Any arbitrary code that is executed will run with the privileges of the window manager. It will also execute on the system where it is running.


Solution:

Upgrade to the latest version, or download a patch from your Linux distribution Vendor.


FYI:

Window maker is a X Windows window manager.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »