Author: JT Smith
From LWN.net: “Klaus Frank has found a vulnerability in the way gnuserv handled
remote connections. Gnuserv is a remote control facility for Emacsen
which is available as standalone program as well as included in
XEmacs21. Gnuserv has a buffer for which insufficient boundary checks
were made. Unfortunately this buffer affected access control to
gnuserv which is using a MIT-MAGIC-COOCKIE based system. It is
possible to overflow the buffer containing the cookie and foozle
cookie comparison.”
remote connections. Gnuserv is a remote control facility for Emacsen
which is available as standalone program as well as included in
XEmacs21. Gnuserv has a buffer for which insufficient boundary checks
were made. Unfortunately this buffer affected access control to
gnuserv which is using a MIT-MAGIC-COOCKIE based system. It is
possible to overflow the buffer containing the cookie and foozle
cookie comparison.”
Category:
- Linux
