March 9, 2001

Advisory for XEmacs, gnuserve

Author: JT Smith

From "Klaus Frank has found a vulnerability in the way gnuserv handled
remote connections. Gnuserv is a remote control facility for Emacsen
which is available as standalone program as well as included in
XEmacs21. Gnuserv has a buffer for which insufficient boundary checks
were made. Unfortunately this buffer affected access control to
gnuserv which is using a MIT-MAGIC-COOCKIE based system. It is
possible to overflow the buffer containing the cookie and foozle
cookie comparison."


  • Linux
Click Here!