Bug#: 81505
Status: RESOLVED
Resolution: DUPLICATE of bug 78118
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Luke Macken (RETIRED) <lewk@gentoo.org>

Description:   Opened: 2005-02-10 08:09 0000
TITLE:
XView "xv_parse_one()" Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA14213

VERIFY ADVISORY:
http://secunia.com/advisories/14213/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
XView 3.x
http://secunia.com/product/4632/

DESCRIPTION:
Erik Sjölund has reported a vulnerability in XView, which potentially
can be exploited by malicious, local users to gain escalated
privileges.

The vulnerability is caused due to some boundary errors in the
function "xv_parse_one()" in "xv_parse.c". This may be exploited to
cause a buffer overflow and execute arbitrary code with escalated
privileges via a setuid application linked against the vulnerable
library.

SOLUTION:
Grant only trusted users access to affected systems.

PROVIDED AND/OR DISCOVERED BY:
Erik Sjölund

ORIGINAL ADVISORY:
http://www.debian.org/security/2005/dsa-672

------- Comment #1 From Luke Macken (RETIRED) 2005-02-10 08:11:37 0000 -------

*** This bug has been marked as a duplicate of 78118 ***
