Christophe Bailleux reported on bugtraq that Xvt is vulnerable to a
buffer overflow in its argument handling Since Xvt is installed
setuid root, it was possible for a normal user to pass
carefully-crafted arguments to xvt so that xvt executed a root shell
This problem has been fixed by the maintainer in version 21-13 of xvt
for Debian unstable a ...
source: wwwsecurityfocuscom/bid/2955/info
Xvt is a terminal emulator for systems using X11R6 It is often installed setuid/setgid so that it runs with the enhanced privileges required to log user sessions
Xvt contains a buffer overflow in it's handling of the '-name' argument
An attacker can exploit this buffer overflow to exploit arb ...