Re: CERT* VB-98.04: Vulnerabilities in xterm and Xaw
On Tue, Apr 28, 1998 at 05:57:55PM +0200, A Mennucc wrote:
> > Vulnerabilities exist in the terminal emulator xterm(1), and the Xaw
> > library distributed in various MIT X Consortium; X Consortium, Inc.;
> > and The Open Group X Project Team releases. These vulnerabilities may
> > be exploited by an intruder to gain root access.
>
> the only solutions seems to
>
> chmod 0755 `which xterm`
Or to apply a patch that TOG sent to their members, but didn't think to do
anything useful like include it in the alert itself. It's probably not free
anyway :(
Since a program as complicated as xterm is always likely to contain security
problems, we probably should leave it un-suid anyway, even once we have
patched it to fix the bugs mentioned.
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: