xvt -- Buffer Overflow

ID DSA-082
Type debian
Reporter Debian
Modified 2001-10-18T00:00:00


Christophe Bailleux reported on bugtraq that Xvt is vulnerable to a buffer overflow in its argument handling. Since Xvt is installed setuid root, it was possible for a normal user to pass carefully-crafted arguments to xvt so that xvt executed a root shell.

This problem has been fixed by the maintainer in version 2.1-13 of xvt for Debian unstable and 2.1-13.0potato.1 for the stable Debian GNU/Linux 2.2.

We recommend that you upgrade your xvt package immediately.