{"vuid":"VU#169059","idnumber":"169059","name":"X11 vulnerable to buffer overflow in handling of -xrm option","keywords":["X11","xterm","buffer overflow","shellcode","xrm"],"overview":"The X11 library included with many UNIX variants contains a buffer-overflow vulnerability that may allow attackers to gain root privileges.","clean_desc":"The X11 library contains an unspecified buffer-overflow vulnerability. Programs that use this library and accept the -xrm option (including xterm) also contain this vulnerability.","impact":"Attackers may be able to gain root privileges by exploiting affected setuid root programs (such as xterm) that use the X11 library.","resolution":"Apply a patch See the Systems Affected section for details, or contact your vendor directly.","workarounds":"None.","sysaffected":"","thanks":"Thanks to jG gM for reporting this vulnerability.","author":"This document was written by Shawn Van Ittersum.","public":["http://ciac.llnl.gov/ciac/bulletins/h-92a.shtml","ftp://ftp.x.org/pub/R6.3/fixes/fix-02","http://stage.caldera.com/support/security/","ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.15/CSSA-2002-SCO.15.txt"],"cveids":["CVE-2002-0517"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-01-27T03:16:05Z","publicdate":"1997-05-28T00:00:00Z","datefirstpublished":"2002-09-16T21:35:00Z","dateupdated":"2003-03-24T20:53:39Z","revision":15,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"10","cam_impact":"8","cam_easeofexploitation":"14","cam_attackeraccessrequired":"17","cam_scorecurrent":"6.783","cam_scorecurrentwidelyknown":"8.568","cam_scorecurrentwidelyknownexploited":"15.708","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":6.783,"vulnote":null}