Debian Security Advisory DSA 074-1 (wmaker) Network Vulnerability

Summary

The remote host is missing an update to wmaker announced via advisory DSA 074-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20074-1

Insight

Alban Hertroys found a buffer overflow in Window Maker (a popular window manager for X). The code that handles titles in the window list menu did not check the length of the title when copying it to a buffer. Since applications will set the title using untrusted data (for example web browsers will set the title of their window to the title of the web-page being shown) this could be exploited remotely. This has been fixed in version 0.61.1-4.1 of the Debian package, and upstream version 0.65.1.

Severity

Classification

CVE CVE-2001-1027
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 047-1 (various kernel packages)
Debian Security Advisory DSA 071-1 (fetchmail)
Debian Security Advisory DSA 087-1 (wu-ftpd)
Debian Security Advisory DSA 1015-1 (sendmail)
Debian Security Advisory DSA 069-1 (xloadimage)

Take action and discover your vulnerabilities