发布日期：2001-08-12
更新日期：2001-08-17

受影响系统：

Windowmaker Windowaker 0.64
Windowmaker Windowaker 0.63.1
Windowmaker Windowaker 0.63
Windowmaker Windowaker 0.62.1
Windowmaker Windowaker 0.62
   - Conectiva Linux 6.0
   - Conectiva Linux 5.1
Windowmaker Windowaker 0.61.1
Windowmaker Windowaker 0.61
   - Debian Linux 2.2
   - Conectiva Linux 5.0
   - Conectiva Linux 4.2
Windowmaker Windowaker 0.60
   - Conectiva Linux 4.0

不受影响系统：

Windowmaker Windowaker 0.65

描述：

---

BUGTRAQ ID：3177

WindowMaker是X11系统的窗口管理器，通常运行在终端系统上。

发现WindowMaker存在一个缓冲区溢出漏洞，当X11应用程序设置窗口标题的时候，这种
漏洞就会呈现。

这种漏洞能够被可以连接到X服务器的X11应用程序触发，攻击者利用这个漏洞，可以在
目标系统上以window manager权限执行任意代码。

<*来源：Robert Marshall *>

建议：

---

厂商补丁：

目前Debian已经发布了升级补丁：

Windowmaker Windowaker 0.61:

Debian upgrade 2.2 alpha libwings-dev_0.61.1-4.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/libwings-dev_0.61.1-4.1_alpha.deb

Debian upgrade 2.2 alpha libdockapp-dev_0.61.1-4.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/libdockapp-dev_0.61.1-4.1_alpha.deb

Debian upgrade 2.2 sparc libwings-dev_0.61.1-4.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/libwings-dev_0.61.1-4.1_sparc.deb

Debian upgrade 2.2 sparc libdockapp-dev_0.61.1-4.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/libdockapp-dev_0.61.1-4.1_sparc.deb

Debian upgrade 2.2 ppc wmaker_0.61.1-4.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/wmaker_0.61.1-4.1_powerpc.deb

Debian upgrade 2.2 arm wmaker_0.61.1-4.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/wmaker_0.61.1-4.1_arm.deb

Debian upgrade 2.2 ppc libwraster1_0.61.1-4.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwraster1_0.61.1-4.1_powerpc.deb

Debian upgrade 2.2 arm libwraster1_0.61.1-4.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/libwraster1_0.61.1-4.1_arm.deb

Debian upgrade 2.2 arm libwraster1-dev_0.61.1-4.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/libwraster1-dev_0.61.1-4.1_arm.deb

Debian upgrade 2.2 ppc libwmaker0-dev_0.61.1-4.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwmaker0-dev_0.61.1-4.1_powerpc.deb

Debian upgrade 2.2 i386 wmaker_0.61.1-4.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/wmaker_0.61.1-4.1_i386.deb

Debian upgrade 2.2 arm libwmaker0-dev_0.61.1-4.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/libwmaker0-dev_0.61.1-4.1_arm.deb

Debian upgrade 2.2 sparc wmaker_0.61.1-4.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/wmaker_0.61.1-4.1_sparc.deb

Debian upgrade 2.2 ppc libwings-dev_0.61.1-4.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwings-dev_0.61.1-4.1_powerpc.deb

Debian upgrade 2.2 i386 libwraster1_0.61.1-4.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/libwraster1_0.61.1-4.1_i386.deb

Debian upgrade 2.2 arm libwings-dev_0.61.1-4.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/libwings-dev_0.61.1-4.1_arm.deb

Debian upgrade 2.2 sparc libwraster1_0.61.1-4.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/libwraster1_0.61.1-4.1_sparc.deb

Debian upgrade 2.2 ppc libdockapp-dev_0.61.1-4.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libdockapp-dev_0.61.1-4.1_powerpc.deb

Debian upgrade 2.2 i386 libwraster1-dev_0.61.1-4.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/libwraster1-dev_0.61.1-4.1_i386.deb

Debian upgrade 2.2 arm libdockapp-dev_0.61.1-4.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/libdockapp-dev_0.61.1-4.1_arm.deb

Debian upgrade 2.2 sparc libwraster1-dev_0.61.1-4.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/libwraster1-dev_0.61.1-4.1_sparc.deb

Debian upgrade 2.2 i386 libwmaker0-dev_0.61.1-4.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/libwmaker0-dev_0.61.1-4.1_i386.deb

Debian upgrade 2.2 alpha wmaker_0.61.1-4.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/wmaker_0.61.1-4.1_alpha.deb

Debian upgrade 2.2 sparc libwmaker0-dev_0.61.1-4.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/libwmaker0-dev_0.61.1-4.1_sparc.deb

Debian upgrade 2.2 i386 libwings-dev_0.61.1-4.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/libwings-dev_0.61.1-4.1_i386.deb

Debian upgrade 2.2 alpha libwraster1_0.61.1-4.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/libwraster1_0.61.1-4.1_alpha.deb

Debian upgrade 2.2 alpha libwraster1-dev_0.61.1-4.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/libwraster1-dev_0.61.1-4.1_alpha.deb

Debian upgrade 2.2 i386 libdockapp-dev_0.61.1-4.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/libdockapp-dev_0.61.1-4.1_i386.deb

Debian upgrade 2.2 alpha libwmaker0-dev_0.61.1-4.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/libwmaker0-dev_0.61.1-4.1_alpha.deb

浏览次数：5260
严重程度：0（网友投票）