[UNIX] Compaq Tru64 UNIX dtprintinfo "-session" Buffer Overflow Vulnerability
From: support@securiteam.comDate: 04/17/02
- Previous message: support@securiteam.com: "[UNIX] Compaq Tru64 UNIX libc Buffer Overflow Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Wed, 17 Apr 2002 20:23:36 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Compaq Tru64 UNIX dtprintinfo "-session" Buffer Overflow Vulnerability
------------------------------------------------------------------------
SUMMARY
Dtprintinfo included with Compaq Tru64 UNIX contains a buffer overflow
vulnerability, which could potentially allow local attackers to elevate
privileges.
DETAILS
Vulnerable systems:
* Compaq Tru64 UNIX version 4.0F
* Compaq Tru64 UNIX version 5.0
* Compaq Tru64 UNIX version 5.1
* Compaq Tru64 UNIX version 5.1A
The /usr/dt/bin/dtprintinfo included with Compaq Tru64 UNIX is a program
for opening the CDE Print Manager window. This program is installed as
SUID root. In dtprintinfo it is possible to restore a client to the
original desktop state by loading the session file using the "-session"
option. A buffer overflow will occur in dtprintinfo when an unusually long
string of characters is used in session filenames. This will result in the
possibility for the local attacker to execute arbitrary code as root.
Solution:
This problem can be eliminated by applying an appropriate patch to your
Tru64 UNIX version based on the information in the following URL: Compaq
SECURITY BULLETIN (SSRT-541) Potential Security Vulnerabilities in Tru64,
UNIX, CDE, NFS, and NIS:
<http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml>
http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml
ADDITIONAL INFORMATION
The information has been provided by <mailto:yosinaga@lac.co.jp> Noboru
Yoshinaga.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[UNIX] Compaq Tru64 UNIX libc Buffer Overflow Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
