Date: Tue, 03 Mar 2015 10:06:30 +0000 From: Simon McVittie <smcv@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: Re: Debian / xterm #779397 On 03/03/15 09:19, Thomas Dickey wrote: > | From: "Kurt Seifried" <kseifried@...hat.com> > | > | $ xterm -S/dev/pts/20 > | *** buffer overflow detected ***: /usr/bin/xterm terminated > | > | Did this get a CVE? I don't see a DSA for xterm. > > no - someone mentioned the problem in an email - nothing more was said There's some discussion on the Debian bug about whether this should be considered to be a security vulnerability, or just a bug. Not every buffer overflow is a vulnerability: it can only be a vulnerability if an attacker can trigger it. Is there any reason why it would be useful/sensible to pass untrusted (pseudo-terminal filename, fd) pairs to the -S option? It seems to me that if you're passing partially or entirely attacker-controlled filenames to this option, you have probably already lost. S
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.