Re: cxterm buffer overrun

Sergiusz Fonrobert (leto@ARRAKIS.CS.PUT.POZNAN.PL)
Thu, 15 May 1997 12:22:44 +0200

On Wed, 14 May 1997, Aleph One wrote:

> ---------- Forwarded message ----------
> Date: Wed, 14 May 1997 09:30:19 -0700
> From: Ming Zhang <mzhang@softcom.net>
> Reply-To: linux-security@redhat.com
> To: linux-security@redhat.com
> Subject: [linux-security] cxterm buffer overrun
>
> cxterm is a Chinese terminal emulator for the X Window System.
> It's installed as suid-root by default if you did a make install.
> Just like xterm, it does need to be suid to update
> /etc/utmp...blahblah...
>
> I discovered some buffer overflow bugs in it. The code
> attached below is the exploit.
>
> Quick fix? chmod -s /path/cxterm
>
This bug exists in color_xterm.
I tested the exploit on Slackware 3.1 and it works.
leto@arrakis.cs.put.poznan.pl