Buffer overflow in Xprt

From: Paolo Molaro (lupusat_private)
Date: Mon Nov 09 1998 - 10:24:25 PST

Next message: Jochen Thomas Bauer: "(no subject)"

Previous message: Wietse Venema: "Re: Sendmail, lynx, Netscape, sshd, Linux kernel (twice)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

There is a buffer overflow in the postscript backend of the
Xprint server: look at the S_OutStr() function in the file psout.c.
A user-supplied variable-lenght string is stored in a 512 sized buffer.
This bug is present in version R6, public-patch-3 and later.

WORKAROUND: do not run the Xprt server.
FIX: make the function malloc() a buffer big enough and recompile.

xfree86 and opengroup have been notified a while ago.

lupus

--
"The number of UNIX installations has grown to 10, with more expected."
    - _The UNIX Programmer's Manual_, Second Edition, June, 1972.

Next message: Jochen Thomas Bauer: "(no subject)"
Previous message: Wietse Venema: "Re: Sendmail, lynx, Netscape, sshd, Linux kernel (twice)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:22:32 PDT