Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.
source: wwwsecurityfocuscom/bid/3160/info
Xlock is a utility for locking X-windows displays It is installed setuid root because it uses the user's password to authorize access to the display when it is locked
The version of xlock that ships with Solaris as part of OpenWindows contains a heap overflow in it's handling of an environment ...
source: wwwsecurityfocuscom/bid/3160/info
Xlock is a utility for locking X-windows displays It is installed setuid root because it uses the user's password to authorize access to the display when it is locked
The version of xlock that ships with Solaris as part of OpenWindows contains a heap overflow in it's handling of an environmen ...