August 14, 2001

Conectiva: 'windowmaker' buffer overflow

Author: JT Smith

LinuxSecurity: "Robert Marshall reported a crash problem with Window Maker. Further
investigation by Alban Hertroys showed this to be a buffer overflow
in the window title handling code.
Many applications, in particular web browsers, set the window title
to something obtained from the network, such as the title of a
webpage being viewed by an user. Thus this could be exploited
remotely.
The authors of Window Maker, with contributions from Alban Hertroys,
released a new version (0.65.1) which addresses this vulnerability. A
patch was made available for previous versions."

Category:

  • Linux
Click Here!