rxvt-unicode: Buffer overflow — GLSA 200503-23

rxvt-unicode is vulnerable to a buffer overflow that could lead to the execution of arbitrary code.

Affected Packages

x11-terms/rxvt-unicode on all architectures
Affected versions < 5.3
Unaffected versions >= 5.3, < 4.8

Background

rxvt-unicode is a clone of the well known terminal emulator rxvt.

Description

Rob Holland of the Gentoo Linux Security Audit Team discovered that rxvt-unicode fails to properly check input length.

Impact

Successful exploitation would allow an attacker to execute arbitrary code with the permissions of the user running rxvt-unicode.

Workaround

There is no known workaround at this time.

Resolution

All rxvt-unicode users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=x11-terms/rxvt-unicode-5.3"

References

Release Date
March 20, 2005

Latest Revision
March 20, 2005: 01

Severity
normal

Exploitable
remote

Bugzilla entries