<date>
06/2001

<title>
XtGetRootDirName $HOME

<os>
HP-UX 10.20

<info>
There exists a buffer overflow vulnerability in the libXt library in the way
the HOME environment variable is handled. The vulnerability is caused by
improper handling of the HOME environment variable in the XtGetRootDirName
function: it copies this variable into a stack buffer with sprintf, without
any size checking. The bug can be triggered by invoking one of the X
subsystem's suid binaries (xterm, hpterm, dtterm, dtprintinfo, dtaction,
xconsole or swinstall) with the HOME environment variable set to a long
string. When appropriately exploited, this bug can lead to a local root
compromise on a vulnerable system.
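
For the defensive side, the following added example (not the libXt source and not code from this advisory) shows a bounded replacement for the unchecked sprintf copy, plus the rule that a set-id process should not take its home directory from the environment. The function names, the ROOT_BUF size and the ".Xdefaults" suffix are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <pwd.h>
#include <unistd.h>
#define ROOT_BUF 1024  /* assumed buffer size, for illustration only */
/* Unsafe pattern from the description: sprintf(buf, "%s", getenv("HOME")); */

/* Set-id processes must not trust $HOME: use the passwd entry of the real UID. */
const char *trusted_home(void)
{
    if (geteuid() != getuid() || getegid() != getgid()) {
        struct passwd *pw = getpwuid(getuid());
        return pw ? pw->pw_dir : NULL;
    }
    return getenv("HOME");
}

/* Build "<home>/<suffix>" in dst; 0 on success, -1 on bad input or truncation. */
int build_home_path(char *dst, size_t dstlen, const char *home, const char *suffix)
{
    int n;
    if (dst == NULL || dstlen == 0) return -1;
    dst[0] = '\0';
    if (home == NULL || suffix == NULL || home[0] != '/') return -1;
    n = snprintf(dst, dstlen, "%s/%s", home, suffix);
    if (n < 0 || (size_t)n >= dstlen) { dst[0] = '\0'; return -1; }
    return 0;
}

/* Constructed input: a HOME of home_len bytes, "/" followed by 'A's. */
int try_home_of_length(size_t home_len)
{
    char dst[ROOT_BUF];
    char *home = malloc(home_len + 1);
    int rc;
    if (home == NULL) return -1;
    memset(home, 'A', home_len);
    home[0] = '/';
    home[home_len] = '\0';
    rc = build_home_path(dst, sizeof dst, home, ".Xdefaults");
    free(home);
    return rc;
}

int main(void)
{
    printf("short: %d, oversized: %d\n", try_home_of_length(16), try_home_of_length(4096));
    return 0;
}
```

An oversized value is rejected outright rather than silently truncated, so the caller never operates on a path the user did not actually supply.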

<link>
HP/hp_xtlib.c

<file>
HP/hp_xtlib.c

