COMMAND

    libXView

SYSTEMS AFFECTED

    Any OS running X11 and xview.

PROBLEM

    Yet another  buffer overflow.  This one  is in  the xview library.
    Well, it's  buffer overflowS  because there  are several overflows
    in the code.   Most of them  happen while getting  and environment
    variable and copying it into a fixed-length buffer.

    Affected functions:

    ------------------ dflts_put.c
    static void node_write(path_name, file_name, status, flag)

    ------------------ font.c
    static Font_locale_info *find_font_locale_info(server, avlist)

    ------------------  wckind.c
    void _wckind_init()

    ------------------ server.c
    Pkg_private int server_init(parent, server_public, avlist)
    static void server_setlocale_to_default(server)
    static void server_init_atoms(server_public)

    ------------------ txt_e_menu.c
    Pkg_private char * textsw_get_extras_filename(mi)

    ------------------ tty_map_key.c
    Pkg_private void ttysw_readrc(ttysw)

    For  the  exploits,  well,  eh,  spot  a setuid root xview program
    and  implement  a  standart  buffer  overflow  with  any  affected
    environment   variable:    DEFAULT_FILES,    OPENWINHOME,    HOME,
    XVIEW_DEFAULT_LOCALE, PROMPT.  Credit goes to Nicolas Dubee.

SOLUTION

    Current version  is (3.2p1.4  at this  point) and  it's vulnerable
    and surely  older ones  are bulnerable  too (3.x  verified).  Wait
    for upgrade and don't use xview.