Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 03 Mar 2015 10:06:30 +0000
From: Simon McVittie <smcv@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: Re: Debian / xterm #779397

On 03/03/15 09:19, Thomas Dickey wrote:
> | From: "Kurt Seifried" <kseifried@...hat.com>
> | 
> | $ xterm -S/dev/pts/20
> | *** buffer overflow detected ***: /usr/bin/xterm terminated
> |
> | Did this get a CVE? I don't see a DSA for xterm.
> 
> no - someone mentioned the problem in an email - nothing more was said

There's some discussion on the Debian bug about whether this should be
considered to be a security vulnerability, or just a bug. Not every
buffer overflow is a vulnerability: it can only be a vulnerability if an
attacker can trigger it.

Is there any reason why it would be useful/sensible to pass untrusted
(pseudo-terminal filename, fd) pairs to the -S option? It seems to me
that if you're passing partially or entirely attacker-controlled
filenames to this option, you have probably already lost.

    S

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.