X11 xterm program contains a locally exploitable buffer overflow

xfree86-xterm-xaw (963) The risk level is classified as High Risk


The xterm program in XFree86 and several other X11 distributions is vulnerable to a buffer overflow. A local attacker can overflow a buffer to gain root privileges.


Gain Privileges


This vulnerability has been observed in all releases of X11 from the Open Group up to R6.4; future versions will be corrected. It also affects XFree86 up to and including version 3.3.2. Users should obtain and apply patch 1 to remedy this vulnerability or, preferably, upgrade to the latest release available.

Users of affected IRIX systems should apply the appropriate patch for their system, as listed in CIAC Information Bulletin J-010.

IRIX 6.5 users should upgrade to a newer version of IRIX (6.5.1 or later). Other users should upgrade to one of the supported versions and then apply the appropriate patch for their system.


Platforms Affected:

  • SGI IRIX 3.2
  • SGI IRIX 3.3
  • SGI IRIX 3.3.1
  • SGI IRIX 3.3.2
  • SGI IRIX 3.3.3
  • SGI IRIX 4.0
  • SGI IRIX 4.0.1
  • SGI IRIX 4.0.1t
  • SGI IRIX 4.0.2
  • SGI IRIX 4.0.3
  • SGI IRIX 4.0.4
  • SGI IRIX 4.0.4b
  • SGI IRIX 4.0.4t
  • SGI IRIX 4.0.5
  • SGI IRIX 4.0.5a
  • SGI IRIX 4.0.5b
  • SGI IRIX 4.0.5d
  • SGI IRIX 4.0.5e
  • SGI IRIX 4.0.5f
  • SGI IRIX 4.0.5g
  • SGI IRIX 4.0.5h
  • SGI IRIX 4.0.5_iop
  • SGI IRIX 4.0.5_ipr
  • SGI IRIX 5.0
  • SGI IRIX 5.0.1
  • SGI IRIX 5.1
  • SGI IRIX 5.1.1
  • SGI IRIX 5.2
  • SGI IRIX 5.3 XFS
  • SGI IRIX 5.3
  • SGI IRIX 6.0
  • SGI IRIX 6.0.1
  • SGI IRIX 6.1
  • SGI IRIX 6.2
  • SGI IRIX 6.3
  • SGI IRIX 6.4
  • SGI IRIX 6.5
  • X.Org X11


Apr 27, 1998

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@us.ibm.com