September 21, 2001

wmaker/WindowMaker security advisory

Author: JT Smith

Posted at "The window manager Window Maker was found vulnerable to a buffer overflow
due to improper bounds checking when setting the window title.
An attacker can remotely exploit this buffer overflow by using malicious
web page titles or terminal escape sequences to set a excessively long
window title.
This attack can lead to remote command execution with the privileges of
the user running Window Maker.

A temporary fix does not exist; we recommend to update your system with
the new RPM from our FTP server."


  • Linux
Click Here!