Sun Multilanguage Environment Library (libmle) Buffer Overflow Lets Local Users Obtain Elevated Privileges
|
|
SecurityTracker Alert ID: 1014579
|
|
SecurityTracker URL: http://securitytracker.com/id?1014579
|
|
CVE Reference: CVE-2005-4795
(Links to External Site)
|
Updated: Jul 6 2008
|
Original Entry Date: Jul 26 2005
|
Impact: Execution of arbitrary code via local system, Root access via local system, User access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Sun Alert
|
Version(s): Solaris 7, 8
|
Description: A vulnerability was reported in the Sun Multilanguage Environment Library (libmle). A local user can obtain elevated privileges on the target system.
A local user may be able to invoke an application using the libmle library to trigger a buffer overflow and execute arbitrary code.
The code will run with the privileges of the application that is dynamically linked to the libmle library.
The libmle library
is shipped with the Japanese locale.
|
Impact: A local user can obtain the privileges of an application on the target system that uses the libmle library.
|
Solution: Sun has issued the following fixes.
SPARC Platform
* Solaris 7 with patch 111646-01 or later
* Solaris 8 with patch 111647-01 or later
|
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-101807-1 (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: UNIX (Solaris - SunOS)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 26 Jul 2005 01:51:17 -0400
Subject: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101807-1
|
# Sun Alert ID: 101807
# Synopsis: Security Vulnerability In the Multilanguage Environment Library "libmle" Shippe
d with the Japanese Locale
# Category: Security
#
Product: Solaris 7 Operating System, Solaris 8 Operating System
# BugIDs: 4468138
# Avoidance: Patch, Workaround
# State: Resolved
# Date Released: 25-Jul-2005
# Date Closed: 25-Jul-2005
# Date Modified:
|
|
