Unrated severity · NVD Advisory · Published Mar 15, 2002 · Updated Jun 16, 2026

CVE-2002-0090

Description

Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability mechanics

Root cause

"Buffer overflow in ConnectToServer due to insufficient bounds checking on the display command line option."

Attack vector

A local attacker triggers the bug by passing a long display command line option to the lbxproxy binary. The `ConnectToServer` function in `lbxproxy/di/wire.c` fails to properly bounds-check the input, leading to a buffer overflow. The attacker can then execute arbitrary code with root privileges [ref_id=1].

Affected code

The vulnerability is in the `ConnectToServer` function within `lbxproxy/di/wire.c` of the Low BandWidth X proxy (lbxproxy) component of XFree86. The advisory does not specify the exact line or the nature of the buffer overflow beyond its location in this function.

What the fix does

The advisory does not include a patch. It directs users to consult vendor information from Sun Microsystems for a solution. Without a published fix, the recommended remediation would be to apply vendor-supplied patches or disable the lbxproxy service if not needed.
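
As an added illustration (not XFree86 or Sun code, which the advisory does not show), the C sketch below shows the kind of bounds check whose absence the root cause describes: an untrusted display argument in the usual X `host:display[.screen]` form is length-checked and parsed before anything is copied into a fixed-size buffer. The function name `parse_display_arg`, the `display_name` struct and the `DISPLAY_HOST_MAX` limit are assumptions made for this example.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical limit and types for this example; not taken from lbxproxy. */
#define DISPLAY_HOST_MAX 255

struct display_name {
    char host[DISPLAY_HOST_MAX + 1];  /* fixed-size destination buffer */
    long display;                     /* display number after ':' */
};

/*
 * Parse "host:display[.screen]" from an untrusted command-line argument.
 * Returns 0 on success, -1 if the argument is malformed or the host part
 * would not fit in out->host. Nothing is copied before the length check.
 */
int parse_display_arg(const char *arg, struct display_name *out)
{
    const char *colon;
    char *end;
    size_t host_len;
    long num;

    if (arg == NULL || out == NULL)
        return -1;

    colon = strrchr(arg, ':');          /* last ':' separates host from number */
    if (colon == NULL)
        return -1;

    host_len = (size_t)(colon - arg);
    if (host_len > DISPLAY_HOST_MAX)    /* the bounds check: reject, never truncate */
        return -1;

    if (colon[1] < '0' || colon[1] > '9')
        return -1;
    errno = 0;
    num = strtol(colon + 1, &end, 10);
    if (errno != 0 || num > 65535)
        return -1;
    if (*end != '\0' && *end != '.')    /* optional ".screen" suffix */
        return -1;

    memcpy(out->host, arg, host_len);   /* host_len <= DISPLAY_HOST_MAX */
    out->host[host_len] = '\0';
    out->display = num;
    return 0;
}
```

Rejecting an oversized argument outright, instead of silently truncating it, keeps a setuid program from connecting to a different display than the one the caller named.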

Preconditions

  • auth: The attacker must have local access to the system to run the lbxproxy binary.
  • input: The attacker must supply a long display command line option to trigger the overflow.

Generated on Jun 17, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
