Author: JT Smith
LinuxSecurity: “Robert Marshall reported a crash problem with Window Maker. Further
investigation by Alban Hertroys showed this to be a buffer overflow
in the window title handling code.
Many applications, in particular web browsers, set the window title
to something obtained from the network, such as the title of a
webpage being viewed by an user. Thus this could be exploited
remotely.
The authors of Window Maker, with contributions from Alban Hertroys,
released a new version (0.65.1) which addresses this vulnerability. A
patch was made available for previous versions.”
investigation by Alban Hertroys showed this to be a buffer overflow
in the window title handling code.
Many applications, in particular web browsers, set the window title
to something obtained from the network, such as the title of a
webpage being viewed by an user. Thus this could be exploited
remotely.
The authors of Window Maker, with contributions from Alban Hertroys,
released a new version (0.65.1) which addresses this vulnerability. A
patch was made available for previous versions.”
Category:
- Linux
