VULHUB ™

Xvt is a terminal emulator for systems using X11R6. It is often installed setuid/setgid so that it runs with the enhanced privileges required to log user sessions. Xvt contains a buffer overflow condition in it's handling of the '-T' argument. Though this condition may or may not be exploitable, it should be of concern because Xvt is often installed to run with enhanced privileges. On some systems, Xvt is installed setuid root. On these systems local attackers would gain complete control over the affected host if successful. It may be the case that Xvt is installed with other enhanced but non-root privileges (such as gid 'utmp'). Compromise of these privileges may lead to further compromise or have other consequences (DoS, etc.).

Xvt is a terminal emulator for systems using X11R6. It is often installed setuid/setgid so that it runs with the enhanced privileges required to log user sessions. Xvt contains a buffer overflow condition in it's handling of the '-T' argument. Though this condition may or may not be exploitable, it should be of concern because Xvt is often installed to run with enhanced privileges. On some systems, Xvt is installed setuid root. On these systems local attackers would gain complete control over the affected host if successful. It may be the case that Xvt is installed with other enhanced but non-root privileges (such as gid 'utmp'). Compromise of these privileges may lead to further compromise or have other consequences (DoS, etc.).