Home page logo

bugtraq logo Bugtraq mailing list archives

rxvt update -- Immunix OS 6.2, 7.0-beta, and 7.0
From: Immunix Security Team <security () wirex com>
Date: Wed, 27 Jun 2001 14:54:28 -0700

        Immunix OS Security Advisory

Packages updated:       rxvt
Affected products:      Immunix OS 6.2, 7.0-beta, and 7.0
Bugs fixed:             immunix/1646
Date:                   Wed Jun 27 2001
Advisory ID:            IMNX-2001-70-028-01
Author:                 Seth Arnold <sarnold () wirex com>

  Samuel "Zorgon" Dralet has discovered a buffer overflow in rxvt, a
  terminal emulator for X11. This attack is stopped by StackGuard, so
  any exploits can at best kill rxvt; no code can be executed as a
  result of this vulnerability. This release checks the size of a buffer
  before writing data to it, preventing possible DoS attacks against

  Immunix OS does not ship rxvt setuid or setgid.

  Thanks to Samuel "Zorgon" Dralet for finding the problem and providing
  a solution.

  References: http://www.securityfocus.com/archive/1/191510

Package names and locations:
  Precompiled binary packages for Immunix 6.2 are available at:

  Source packages for Immunix 6.2 are available at:
  Precompiled binary packages for Immunix 7.0-beta and 7.0 are available at:
  Source package for Immunix 7.0-beta and 7.0 is available at:

Immunix OS 6.2 md5sums:
  e437825b2bbcd134f51b9e20e6b6baa7  RPMS/rxvt-2.6.1-8_StackGuard_1.i386.rpm
  de23da63d184eb57ebae4cb85cae0b97  SRPMS/rxvt-2.6.1-8_StackGuard_1.src.rpm

Immunix OS 7.0 md5sums:
  ce80b76ad782a76314a1e8060dc89a04  RPMS/rxvt-2.6.3-2_imnx_2.i386.rpm
  8ff018647dedc68d5823a1de6374811b  SRPMS/rxvt-2.6.3-2_imnx_2.src.rpm

GPG verification:                                                               
  Our public key is available at <http://wirex.com/security/GPG_KEY>.           
  *** NOTE *** This key is different from the one used in advisories            
  IMNX-2001-70-020-01 and earlier.

Online version of all Immunix 6.2 updates and advisories:

Online version of all Immunix 7.0-beta updates and advisories:

Online version of all Immunix 7.0 updates and advisories:

  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
  or one of the many mirrors available at:

Contact information:
  To report vulnerabilities, please contact security () wirex com  WireX 
  attempts to conform to the RFP vulnerability disclosure protocol

Attachment: _bin

  By Date           By Thread  

Current thread:
  • rxvt update -- Immunix OS 6.2, 7.0-beta, and 7.0 Immunix Security Team (Jun 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]