Lucene search

Gentoo FoundationGLSA-200503-23

HistoryMar 20, 2005 - 12:00 a.m.

rxvt-unicode: Buffer overflow

2005-03-2000:00:00

Gentoo Foundation

security.gentoo.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

89.0%

JSON

Background

rxvt-unicode is a clone of the well known terminal emulator rxvt.

Description

Rob Holland of the Gentoo Linux Security Audit Team discovered that rxvt-unicode fails to properly check input length.

Impact

Successful exploitation would allow an attacker to execute arbitrary code with the permissions of the user running rxvt-unicode.

Workaround

There is no known workaround at this time.

Resolution

All rxvt-unicode users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=x11-terms/rxvt-unicode-5.3"

OSVersionArchitecturePackageVersionFilename
Gentooanyallx11-terms/rxvt-unicode< 5.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	x11-terms/rxvt-unicode	< 5.3	UNKNOWN

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

89.0%

JSON

Related for GLSA-200503-23