Discovery Date: March 31, 2000
ID: eSO:2406
Title: CDE dtprintinfo Help search buffer overflow vulnerability
Impact: Local attackers can gain root level access
Affected Technology: Solaris 2.4, 2.5, 2.5.1, 2.6, 7, 8 SPARC and x86
HP-UX 10.10, 10.20, 10.24, 11.00, 11.04, 11.11
IBM AIX 4.3, 4.3.1, 4.3.2, 4.3.3
Compaq Tru64 5.1A, 5.1, 5.0A, 4.0G, 4.0F
CDE
Vendor Status: Patches are available
Discovered By: Kevin Kotas of the eSecurityOnline Research and Development Team
CVE Reference: CAN-2001-0551
Advisory Location:
http://www.eSecurityOnline.com/advisories/eSO2406.asp
Description:
The CDE dtprintinfo program is vulnerable to a buffer overflow condition that allows a local attacker to gain root access. The problem occurs due to insufficient bounds checking in the Volume search field from the Help section. An attacker can insert a specially crafted string for the search parameter and gain root privileges.
In the dtprintinfo Help, an Index search function permits querying by keyword. If a string of appropriate length is inserted into the 'Entries with' field and a single Help Volume is selected for the search, an exploitable buffer overflow will occur.
Technical Recommendation:
Upgrade with the following patches.
Solaris 2.4, 2.5, 2.5.1 SPARC:
105076-04
Solaris 2.4, 2.5, 2.5.1 x86:
105354-04
Solaris 2.6 SPARC:
106242-03
Solaris 2.6 x86:
106243-03
Solaris 7 SPARC:
107178-02
Solaris 7 x86:
107179-02
Solaris 8 SPARC:
108949-04
Solaris 8 x86:
108950-04
IBM AIX:
AIX 4.3.x:
APAR #IY21539
AIX 5.1:
APAR #IY20917
Compaq:
SSRT1-78U
SSRT0788U
SSRT0757U
SSRT-541
HP-UX:
10.10: PHSS_23355
10.20: PHSS_23796
10.24: PHSS_24097
11.00: PHSS_23797
11.04: PHSS_24098
11.11: PHSS_24087, PHSS_24091
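One way to verify the Solaris fixes listed above, as an added example that is not part of the eSecurityOnline advisory: it maps a release and architecture to the advisory's patch ID and checks `showrev -p` text for that revision or a later one, including patches that obsolete it. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Patch IDs come from the advisory's Solaris list above.
# On Solaris itself run under ksh and set AWK=nawk (old /bin/sh and awk lack
# the features used here).

# Minimum fixed patch for a release (uname -r) and architecture (uname -p).
required_patch() {
    case "$1/$2" in
        5.4/sparc|5.5/sparc|5.5.1/sparc) echo 105076-04 ;;
        5.4/i386|5.5/i386|5.5.1/i386)    echo 105354-04 ;;
        5.6/sparc) echo 106242-03 ;;
        5.6/i386)  echo 106243-03 ;;
        5.7/sparc) echo 107178-02 ;;
        5.7/i386)  echo 107179-02 ;;
        5.8/sparc) echo 108949-04 ;;
        5.8/i386)  echo 108950-04 ;;
        *) return 1 ;;   # release not covered by the advisory's Solaris list
    esac
}

# Read `showrev -p` text on stdin. Succeed if patch $1 (base-rev) is installed
# at that revision or later, or is listed as obsoleted by an installed patch.
patch_installed() {
    base=${1%-*}; min=${1#*-}
    ${AWK:-awk} -v base="$base" -v min="$min" '
        function ok(id,  p) {
            sub(/,$/, "", id)            # Obsoletes entries are comma separated
            split(id, p, "-")
            return p[1] == base && p[2] + 0 >= min + 0
        }
        $1 == "Patch:" {                 # scan the Patch: and Obsoletes: fields
            for (i = 2; i <= NF && $i != "Requires:"; i++)
                if (ok($i)) found = 1
        }
        END { exit !found }'
}

# Constructed showrev -p lines (not from a real host; package name is made up).
sample_showrev() {
    cat <<'EOF'
Patch: 108949-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 107179-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 900001-01 Obsoletes: 106242-03, 900000-02 Requires:  Incompatibles:  Packages: SUNWexample
EOF
}

# On a live host:
#   showrev -p | patch_installed "$(required_patch "$(uname -r)" "$(uname -p)")"
```

A non-zero exit means the host still carries a dtprintinfo revision older than the advisory's fix, or none of the listed patches at all.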
Acknowledgements:
eSecurityOnline would like to thank Sun Microsystems and the Sun security team for their cooperation in resolving the issue.
Copyright 2002 eSecurityOnline LLC. All rights reserved.
THE INFORMATION IN THIS VULNERABILITY ALERT IS PROVIDED BY ESECURITYONLINE LLC "AS IS", "WHERE IS", WITH NO WARRANTY OF ANY KIND, AND ESECURITYONLINE LLC HEREBY DISCLAIMS THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. ESECURITYONLINE LLC SHALL HAVE NO LIABILITY FOR ANY DAMAGE, CLAIM OR LOSS RESULTING FROM YOUR USE OF THE INFORMATION CONTAINED IN THIS VULNERABILITY ALERT.