-----BEGIN PGP SIGNED MESSAGE-----

===============================================================================
Security Advisory                                                       CERT-NL
===============================================================================
Author/Source : Teun Nijssen                                Index  :    S-97-29
Distribution  : World                                       Page   :          1
Classification: External                                    Version:          1
Subject       : libXt (pre X11 R 6.3) buffer overflow       Date   :  01-May-97
===============================================================================

By courtesy of CERT Coordination Center we received the following information.

CERT Coordination Center advisory CA-97.11.libXt reports a buffer overflow
vulnerability in the Xt library of versions older than X11 Release 6.3

This vulnerability allows normal users of a system to obtain root permissions
by exploiting setuid or setgid programs linked with the library.

This advisory provides vendor patch information and the advise to upgrade to
version X11 R 6.3.

CERT-NL recommends to act according to the CERT-CC advisory.

All CERT Coordination Center advisories are mirrored by CERT-NL.
The specific URL for this case is:

ftp://ftp.surfnet.nl/surfnet/net-security/
cert-cc-mirror/cert_advisories/CA-97.11.libXt

ADVISORIES ARE REGULARLY UPDATED BY CERT COORDINATION CENTER.
Therefore we advise you to check on our mirror regularly -
you can automate this process using the CERT-NL notifier service.

More information about the CERT-NL mirror and notifier services is
contained in News items N-95-01 (notifier) and N-95-02 (CERT mirror),
both present on
<ftp://ftp.surfnet.nl/surfnet/net-security/cert-nl/docs/news/>

==============================================================================

CERT-NL is the Computer Emergency Response Team for SURFnet customers.
SURFnet is the Dutch network for educational, research and related institutes.
CERT-NL is a member of the Forum of Incident Response and Security Teams
(FIRST).

All CERT-NL material is available under:
  <http://www.surfnet.nl/surfnet/security/cert-nl.html>
  <ftp://ftp.surfnet.nl/surfnet/net-security>

In case of computer or network security problems please contact your
local CERT/security-team or CERT-NL  (if your institute is NOT a SURFnet
customer please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).
   Email:     cert-nl@surfnet.nl
   Phone:     +31 302 305 305
   Fax:       +31 302 305 329
   Snailmail: SURFnet bv
              Attn. CERT-NL
              P.O. Box 19035
              NL - 3501 DA  UTRECHT
              The Netherlands
   A 7 * 24 hours phone number is available to SURFnet SSC's and FIRST
   members on request.
==============================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850

iQCVAgUBM2jyDkU5nQkWIq1FAQHkSAQA08o1UhjxhWjuDznlyanexTEuAoxKS6UK
slpWPh1dcm5br4iZO4PrZCS0VJvf+i2Hn+bWSCzMofw5VXGdzgyFqr/ddctufugi
+LZhgwm14zi/BmVJYZuHzdg0PHOMsA7vRTryp2TvzQoYhPrhDuYWmaTPgwCBoe3Q
XSLf9e6n9SU=
=hBP0
-----END PGP SIGNATURE-----