Debian Security Advisory

DSA-062-1 rxvt -- buffer overflow

Date Reported:
16 Jun 2001
Affected Packages:
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 2878.
In Mitre's CVE dictionary: CVE-2001-1077.
More information:
Samuel Dralet reported on bugtraq that version 2.6.2 of rxvt (a VT102 terminal emulator for X) have a buffer overflow in the tt_printf() function. A local user could abuse this making rxvt print a special string using that function, for example by using the -T or -name command-line options. That string would cause a stack overflow and contain code which rxvt will execute.

Since rxvt is installed sgid utmp an attacker could use this to gain utmp which would allow them to modify the utmp file.

This has been fixed in version 2.6.2-2.1, and we recommend that you upgrade your rxvt package.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Intel IA-32:
Motorola 680x0:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.