SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Common Desktop Environment Vendors:   Open Group, The
CDE libDTHelp Buffer Overflow Lets Local Users Execute Arbitrary Code With Root Privileges
SecurityTracker Alert ID:  1008101
SecurityTracker URL:  http://securitytracker.com/id/1008101
CVE Reference:   CVE-2003-0834   (Links to External Site)
Updated:  Aug 25 2004
Original Entry Date:  Nov 5 2003
Impact:   Execution of arbitrary code via local system, Root access via local system

Version(s): 3.0
Description:   A buffer overflow vulnerability was reported the Common Desktop Environment (CDE) libDTHelp library. A local user can gain root privileges on the system.

It is reported that a local user can set a specially crafted environment variable (DTHELPUSERSEARCHPATH) to execute arbitrary code with root privileges when the dtHelp application is initialized or when applications linked to libtDtHelp are initialized.

Kevin Kotas from Computer Associates Intl. eTrust eVM is credited with reporting this flaw.

In August 2004, iDEFENSE reported that the LOGNAME environment variable is also not properly validated.

Impact:   A local user can execute arbitrary code with root privileges.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.opengroup.org/cde/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 5 2003 (SCO Issues Fix) Re: CDE libDTHelp Buffer Overflow Lets Local Users Execute Arbitrary Code With Root Privileges
SCO has issued a fix for UnixWare and Open UNIX.
Nov 5 2003 (Xi Graphics Issues Fix for DeXtop CDE) Re: CDE libDTHelp Buffer Overflow Lets Local Users Execute Arbitrary Code With Root Privileges
Xi Graphics has issued a fix for DeXtop Linux-based CDE.
Nov 10 2003 (Sun Issues T-Patches) Re: CDE libDTHelp Buffer Overflow Lets Local Users Execute Arbitrary Code With Root Privileges
Sun has issued T-Patches for Solaris 7, 8, and 9.
Nov 18 2003 (HP Issues Fix) CDE libDTHelp Buffer Overflow Lets Local Users Execute Arbitrary Code With Root Privileges
The vendor has released a fix.
Dec 3 2003 (HP Issues Fix for Tru64) CDE libDTHelp Buffer Overflow Lets Local Users Execute Arbitrary Code With Root Privileges
HP has released an early release patch for Tru64.
Feb 9 2004 (Sun Issues Fix) CDE libDTHelp Buffer Overflow Lets Local Users Execute Arbitrary Code With Root Privileges
Sun has issued some final fixes.



 Source Message Contents

Subject:  libDTHelp local buffer overflow


CVE: CAN-2003-0834

SCO reported that there is a buffer overflow vulnerability in the Common Desktop 
Environment (CDE) libDTHelp.  A local user can reportedly set a specially crafted 
environment variable to execute arbitrary code with root privileges when the dtHelp 
application is initialized or when applications linked to libtDtHelp are initialized.

SCO credits Kevin Kotas from Computer Associates Intl. eTrust eVM with reporting this flaw.




 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC