search for: plmakestring

...ecure X server. By default some distributions of Linux like RedHat come with X configured to allow everyone in the outside world access to your X-server. Anyway here is the guilty section of code, from wdefualts.c: ... char buffer[256]; ... ... if (class && instance) key1 = PLMakeString(strcat(strcat(strcpy(buffer,instance),"."),class)); else The problem is obvious. But it gets worse. That line of code occurs more than once in WindowMaker, and besides that there are several other overflows possible by using long program names. To see if your vulnerable, fire up...