[UNIX] CDE dtprintinfo Help Search Buffer Overflow Vulnerability
From: support@securiteam.comDate: 04/30/02
- Previous message: support@securiteam.com: "[UNIX] Sun Solaris admintool Media Installation Path Buffer Overflow Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Tue, 30 Apr 2002 22:13:37 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
CDE dtprintinfo Help Search Buffer Overflow Vulnerability
------------------------------------------------------------------------
SUMMARY
The CDE dtprintinfo program is vulnerable to a buffer overflow condition
that allows a local attacker to gain root access. The problem occurs due
to insufficient bounds checking in the Volume search field from the Help
section. An attacker can insert a specially crafted string for the search
parameter and gain root privileges.
In the dtprintinfo Help, an Index search function permits querying by
keyword. If a string of appropriate length is inserted into the 'Entries
with' field and a single Help Volume is selected for the search, an
exploitable buffer overflow will occur.
DETAILS
Vulnerable systems:
* Solaris 2.4, 2.5, 2.5.1, 2.6, 7, 8 SPARC and x86
* HP-UX 10.10, 10.20, 10.24, 11.00, 11.04, 11.11
* IBM AIX 4.3, 4.3.1, 4.3.2, 4.3.3
* Compaq Tru64 5.1A, 5.1, 5.0A, 4.0G, 4.0F
* CDE
Technical Recommendation:
Upgrade with the following patches.
Sun:
Solaris 2.4, 2.5, 2.5.1 SPARC: 105076-04
Solaris 2.4, 2.5, 2.5.1 x86: 105354-04
Solaris 2.6 SPARC: 106242-03
Solaris 2.6 x86: 106243-03
Solaris 7 SPARC: 107178-02
Solaris 7 x86: 107179-02
Solaris 8 SPARC: 108949-04
Solaris 8 x86: 108950-04
IBM AIX:
AIX 4.3.x: APAR #IY21539
AIX 5.1: APAR #IY20917
Compaq:
SSRT1-78U
SSRT0788U
SSRT0757U
SSRT-541
HP-UX:
10.10: PHSS_23355
10.20: PHSS_23796
10.24: PHSS_24097
11.00: PHSS_23797
11.04: PHSS_24098
11.11: PHSS_24087, PHSS_24091
ADDITIONAL INFORMATION
The information has been provided by
<mailto:researchteam5@esecurityonline.com> researchteam5.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[UNIX] Sun Solaris admintool Media Installation Path Buffer Overflow Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
