Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 03 Mar 2015 10:06:30 +0000
From: Simon McVittie <smcv@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: Re: Debian / xterm #779397

On 03/03/15 09:19, Thomas Dickey wrote:
> | From: "Kurt Seifried" <kseifried@...hat.com>
> | 
> | $ xterm -S/dev/pts/20
> | *** buffer overflow detected ***: /usr/bin/xterm terminated
> |
> | Did this get a CVE? I don't see a DSA for xterm.
> 
> no - someone mentioned the problem in an email - nothing more was said

There's some discussion on the Debian bug about whether this should be
considered to be a security vulnerability, or just a bug. Not every
buffer overflow is a vulnerability: it can only be a vulnerability if an
attacker can trigger it.

Is there any reason why it would be useful/sensible to pass untrusted
(pseudo-terminal filename, fd) pairs to the -S option? It seems to me
that if you're passing partially or entirely attacker-controlled
filenames to this option, you have probably already lost.

    S

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ