SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Common Desktop Environment Vendors:   Sun
(Sun Issues T-Patches) Re: CDE libDTHelp Buffer Overflow Lets Local Users Execute Arbitrary Code With Root Privileges
SecurityTracker Alert ID:  1008127
SecurityTracker URL:  http://securitytracker.com/id/1008127
CVE Reference:   CVE-2003-0834   (Links to External Site)
Updated:  Nov 11 2003
Original Entry Date:  Nov 10 2003
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0
Description:   A buffer overflow vulnerability was reported the Common Desktop Environment (CDE) libDTHelp library. A local user can gain root privileges on the system.

It is reported that a local user can set a specially crafted environment variable (DTHELPUSERSEARCHPATH) to execute arbitrary code with root privileges when the dtHelp application is initialized or when applications linked to libtDtHelp are initialized.

Kevin Kotas from Computer Associates Intl. eTrust eVM is credited with reporting this flaw.

In August 2004, iDEFENSE reported that the LOGNAME environment variable is also not properly validated.

Impact:   A local user can execute arbitrary code with root privileges.
Solution:   Sun has issued the following T-patches:

SPARC

Solaris 7 T-patch T107178-03
Solaris 8 T-patch T108949-08
Solaris 9 T-patch T116308-01

x86 Platform

Solaris 7 T-patch T107179-03
Solaris 8 T-patch T108950-08
Solaris 9 T-patch T116309-01

T-patches are to be available within the a few days at:

http://www.sunsolve.sun.com/tpatches

A final resolution is pending.

Vendor URL:  sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57414 (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (Solaris - SunOS)
Underlying OS Comments:  7, 8, and 9

Message History:   This archive entry is a follow-up to the message listed below.
Nov 5 2003 CDE libDTHelp Buffer Overflow Lets Local Users Execute Arbitrary Code With Root Privileges



 Source Message Contents

Subject:  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57414


http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57414

57414   Buffer Overflow Vulnerability in the CDE DtHelp Library May Allow Unauthorized 
"root" Access   7 Nov 2003

Sun issued temporary patches for the CVE CAn-2003-0834 CDE DtHelp library (libDtHelp.so) 
local buffer overflow vulnerability

SPARC

Solaris 7 T-patch T107178-03
Solaris 8 T-patch T108949-08
Solaris 9 T-patch T116308-01

x86 Platform

Solaris 7 T-patch T107179-03
Solaris 8 T-patch T108950-08
Solaris 9 T-patch T116309-01

T-patches are to be available within the a few days at:

http://www.sunsolve.sun.com/tpatches

A final resolution is pending.

-----

Sun Alert ID: 57414
Synopsis: Buffer Overflow Vulnerability in the CDE DtHelp Library May Allow Unauthorized 
"root" Access
Category: Security
Product: Solaris
BugIDs: 4930117
Avoidance: T-Patch
State: Committed
Date Released: 07-Nov-2003
Date Closed:
Date Modified:


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC