Date: Jan 22 2002
Impact: Execution of arbitrary code via local system, User access via local system
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): eterm 0.9.1-2; libimlib2 1.0.4-1
Description: A buffer overflow vulnerability was reported in the Eterm terminal
emulator. A local user can obtain elevated privileges on the host.
A local user can trigger an overflow in the processing of the HOME environment
variable and cause arbitrary code to be executed with 'utmp' group privileges.
It is reported that the buffer overflow may be in imlib2 rather than Eterm.
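The class of bug described above, shown from the defensive side as an added example (this is not code from Eterm or Imlib2, whose affected routine the advisory does not show). The helper names `build_home_path`, `running_privileged` and `trusted_home`, and the `.example_cache` suffix, are hypothetical; the sketch assumes a set-group-ID program that builds a per-user path from HOME.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper (not from Eterm or Imlib2).
 * Writes "<home>/<suffix>" into out[outlen] with an explicit bound.
 * Returns 0 on success, -1 if HOME is missing, not absolute, or the
 * result would not fit. On failure out is left as an empty string. */
int build_home_path(const char *home, const char *suffix,
                    char *out, size_t outlen)
{
    int n;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (home == NULL || suffix == NULL || home[0] != '/')
        return -1;
    /* snprintf never writes past outlen; n is the length it needed. */
    n = snprintf(out, outlen, "%s/%s", home, suffix);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';          /* refuse truncated paths outright */
        return -1;
    }
    return 0;
}

/* 1 when real and effective ids differ, i.e. setuid/setgid execution. */
int running_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* HOME is caller-controlled: do not use it while holding extra privilege. */
const char *trusted_home(void)
{
    return running_privileged() ? NULL : getenv("HOME");
}

int main(void)
{
    char path[256];

    if (build_home_path(trusted_home(), ".example_cache", path, sizeof path)) {
        fprintf(stderr, "HOME unusable, skipping per-user files\n");
        return 1;
    }
    printf("%s\n", path);
    return 0;
}
```

An unbounded `strcpy` or `sprintf` of HOME into a buffer like `path` is the pattern this replaces; a setgid program can also drop the extra group before touching user-controlled input.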
Impact: A local user can execute arbitrary code on the host and thereby gain
'utmp' group privileges on the host.
Solution: The vendor reports that Imlib2 1.0.5 has been released to fix this
bug. The source tarball may be downloaded immediately from:
Renaming the ebuild worked for me.