Bug 307 - Important security Issue with imlib2 and eterm
Summary: Important security Issue with imlib2 and eterm
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Library
Hardware: x86 Linux
Importance: High trivial
Assignee: Geert Bevin
Depends on:
Reported: 2002-01-24 06:50 UTC by Ferry Meyndert
Modified: 2003-02-04 19:42 UTC
Description Ferry Meyndert 2002-01-24 06:50:51 UTC
Date:  Jan 22 2002

Impact:  Execution of arbitrary code via local system, User access via local system

Fix Available:  Yes   Vendor Confirmed:  Yes  

Version(s): eterm 0.9.1-2; libimlib2 1.0.4-1

Description:  A buffer overflow vulnerability was reported in the Eterm terminal
emulator. A local user can obtain elevated privileges on the host.

A local user can trigger an overflow in the processing of the HOME environment
variable and cause arbitrary code to be executed with 'utmp' group privileges.
It is reported that the buffer overflow may be in imlib2 rather than Eterm.

Impact:  A local user can execute arbitrary code on the host with 'utmp' group
privileges to gain 'utmp' group privileges on the host.

Solution:  The vendor reports that Imlib2 1.0.5 has been released to fix this
bug. The source tarball may be downloaded immediately from:

Renaming the ebuild worked for me.
Comment 1 Geert Bevin 2002-01-24 07:05:11 UTC