Vulnerability Detail

Chinese xterm (cxterm) vulnerability

Date Discovered:
31 Dec 1996

Date Published:
8 Mar 2000

Last Updated:
30 Nov 2005

Threat Assessment

Overall Risk: Medium

Popularity : Medium

Impact: High

Simplicity: Medium

Characteristics

Vulnerability ID: 328
Discovered By: anonymous

Exploitable Locally: Yes
Exploitable Remotely: No

Impact: Local users could gain root access to the target system.

Root Cause: Software Vulnerability

Description

Recommendations

Affected Technologies

References

Description

There is a buffer overflow condition in /usr/X11R6/bin/cxterm that can allow an attacker to gain root access. The program is setuid root and an attacker can overrun the internal stack and execute commands as root.

Recommendations

Upgrade to the latest version of Xfree86 from www.xfree86.org. Remove the setuid bit from the program with:

chmod -s /usr/X11R6/bin/cxterm.Upgrade to the latest version of Xfree86 from www.xfree86.org. Remove the setuid bit from the program with:

chmod -s /usr/X11R6/bin/cxterm.

Affected Technologies

Slackware Linux, Inc: Slackware Linux 3.1
Slackware Linux, Inc: Slackware Linux 3.2

References

Mitre CVE: CVE-2002-2270

CA Global Security Advisor

Current threat condition: Low

Documents and Tools

Find Threats

Viruses Spyware
Vulnerabilities All

Page Tools