Re: CERT* VB-98.04: Vulnerabilities in xterm and Xaw

To: debian-devel@lists.debian.org
Subject: Re: CERT* VB-98.04: Vulnerabilities in xterm and Xaw
From: Mark Baker <mbaker@iee.org>
Date: Tue, 28 Apr 1998 17:12:22 +0100
Message-id: <[🔎] 19980428171222.A21934@aziraphale.pet.cam.ac.uk>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] m0yUClY-00008SC@Tonelli.sns.it>; from A Mennucc on Tue, Apr 28, 1998 at 05:57:55PM +0200
References: <[🔎] m0yUClY-00008SC@Tonelli.sns.it>

On Tue, Apr 28, 1998 at 05:57:55PM +0200, A Mennucc wrote:

> > Vulnerabilities exist in the terminal emulator xterm(1), and the Xaw
> > library distributed in various MIT X Consortium; X Consortium, Inc.;
> > and The Open Group X Project Team releases. These vulnerabilities may
> > be exploited by an intruder to gain root access. 
> 
> the only solutions seems to
> 
>   chmod 0755 `which xterm`

Or to apply a patch that TOG sent to their members, but didn't think to do
anything useful like include it in the alert itself. It's probably not free
anyway :(

Since a program as complicated as xterm is always likely to contain security
problems, we probably should leave it un-suid anyway, even once we have
patched it to fix the bugs mentioned.

--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: CERT* VB-98.04: Vulnerabilities in xterm and Xaw
  - From: Branden Robinson <branden@purdue.edu>

References:
- CERT* VB-98.04: Vulnerabilities in xterm and Xaw
  - From: sysman@Tonelli.sns.it (A Mennucc)

Prev by Date: What's an easy installation?
Next by Date: Re: Directory for dictionary databases
Previous by thread: CERT* VB-98.04: Vulnerabilities in xterm and Xaw
Next by thread: Re: CERT* VB-98.04: Vulnerabilities in xterm and Xaw
Index(es):
- Date
- Thread