SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Common Desktop Environment Vendors:   Open Group, The
(Sun Issues Fix) CDE libDTHelp Buffer Overflow Lets Local Users Execute Arbitrary Code With Root Privileges
SecurityTracker Alert ID:  1008986
SecurityTracker URL:  http://securitytracker.com/id/1008986
CVE Reference:   CVE-2003-0834   (Links to External Site)
Date:  Feb 9 2004
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0
Description:   A buffer overflow vulnerability was reported the Common Desktop Environment (CDE) libDTHelp library. A local user can gain root privileges on the system.

It is reported that a local user can set a specially crafted environment variable (DTHELPUSERSEARCHPATH) to execute arbitrary code with root privileges when the dtHelp application is initialized or when applications linked to libtDtHelp are initialized.

Kevin Kotas from Computer Associates Intl. eTrust eVM is credited with reporting this flaw.

In August 2004, iDEFENSE reported that the LOGNAME environment variable is also not properly validated.

Impact:   A local user can execute arbitrary code with root privileges.
Solution:   Sun has issued final fixes for some of the affected platforms:

SPARC platform

Solaris 7 with patch 107178-03 or later
Solaris 8 with patch 108949-08 or later
Solaris 9 with patch 116308-01 or later

x86 Platform

Solaris 7 with patch 107179-03 or later
Solaris 8 with patch 108950-08 or later

Sun is working on a final resolution for the Solaris 9 x86 platform. A T-patch is available:

Solaris 9 T-patch T116309-01

Vendor URL:  www.opengroup.org/cde/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (Solaris - SunOS)
Underlying OS Comments:  Solaris 7, 8, and 9

Message History:   This archive entry is a follow-up to the message listed below.
Nov 5 2003 CDE libDTHelp Buffer Overflow Lets Local Users Execute Arbitrary Code With Root Privileges



 Source Message Contents

Subject:  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57414


http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57414

Sun updated their Sun Alert 57414 to indicate that final fixes are available for some 
platforms:

SPARC platform

Solaris 7 with patch 107178-03 or later
Solaris 8 with patch 108949-08 or later
Solaris 9 with patch 116308-01 or later

x86 Platform

Solaris 7 with patch 107179-03 or later
Solaris 8 with patch 108950-08 or later

Sun is working on a final resolution for the Solaris 9 x86 platform.  A T-patch is available:

Solaris 9 T-patch T116309-01


-----

Sun Alert ID: 57414
Synopsis: Buffer Overflow Vulnerability in the CDE DtHelp Library May Allow Unauthorized 
"root" Access
Category: Security
Product: Solaris
BugIDs: 4930117
Avoidance: Patch, T-patch
State: Engineering Complete
Date Released: 07-Nov-2003
Date Closed:
Date Modified: 06-Feb-2004

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC