

NI3
11-08-2003, 08:58 AM
TITLE:
Multiple Vendor CDE libDtHelp Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA10144

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Open UNIX 8.x.x
UnixWare 7.x.x

SOFTWARE:
DeXtop 3.x

DESCRIPTION:
A vulnerability has been reported in CDE (Common Desktop
Environment), which can be exploited by malicious, local users to
escalate their privileges.

The vulnerability is caused due to a boundary error in CDE libDtHelp
when handling the "DTHELPUSERSEARCHPATH" environment variable. This
can be exploited via a suid application linked to libDtHelp (e.g.
dtprintinfo) to cause a buffer overflow by inserting an overly long,
specially crafted string and then invoking Help.

The vulnerability affects the following products:
* Xi Graphics deXtop CDE 3.0
* SCO Open UNIX 8.0.0
* SCO UnixWare 7.1.3 and 7.1.1

SOLUTION:
Apply patches.

-- Xi Graphics deXtop CDE 3.0 --

ftp://ftp.xig.com/pub/updates/dextop/3.0/DEX3000.003.tar.gz

This patch also fixes an older vulnerability, which can be exploited
to escalate privileges:
SA8468


-- SCO Open UNIX and UnixWare --

ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.31/erg712445.pkg.Z

REPORTED BY / CREDITS:
Kevin Kotas

ORIGINAL ADVISORY:
CERT VU#575804

SCO UnixWare and Open UNIX:
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.31/CSSA-2003-SCO.31.txt

Xi Graphics deXtop CDE:
ftp://ftp.xig.com/pub/updates/dextop/3.0/DEX3000.003.txt

OTHER REFERENCES:
SA8468

----------------------------------------------------------------------
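
The defect class the advisory describes, an environment variable copied without a bounds check by a library that a suid program links against, and a hardened way to handle it. This is an added example, not part of the original post and not vendor or libDtHelp code; the function names, status codes and the 256-byte buffer size are assumptions, and only the variable name DTHELPUSERSEARCHPATH comes from the advisory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define SEARCH_PATH_MAX 256 /* assumed size, not taken from libDtHelp */

enum sp_status { SP_OK, SP_UNSET, SP_TOO_LONG, SP_IGNORED };

/* Pattern that produces this class of bug (comment only):
 *     char buf[SEARCH_PATH_MAX];
 *     strcpy(buf, getenv("DTHELPUSERSEARCHPATH"));  no length check
 */

/* True when the process runs with more privilege than its invoker,
 * which is the case for a suid or sgid binary. */
static int running_privileged(void)
{
    return geteuid() != getuid() || getegid() != getgid();
}

/* Copy a user-supplied search path into out[outsz].
 * The value is rejected, never truncated, when it does not fit, and it
 * is ignored entirely when the caller is privileged. */
enum sp_status load_search_path(const char *value, int privileged,
                                char *out, size_t outsz)
{
    if (out == NULL || outsz == 0)
        return SP_TOO_LONG;
    out[0] = '\0';
    if (privileged)
        return SP_IGNORED;   /* do not trust the invoker's environment */
    if (value == NULL)
        return SP_UNSET;
    size_t len = strlen(value);
    if (len >= outsz)
        return SP_TOO_LONG;  /* needs len + 1 bytes for the terminator */
    memcpy(out, value, len + 1);
    return SP_OK;
}

int main(void)
{
    char path[SEARCH_PATH_MAX];
    enum sp_status rc = load_search_path(getenv("DTHELPUSERSEARCHPATH"),
                                         running_privileged(), path, sizeof path);
    printf("status=%d path=\"%s\"\n", (int)rc, path);
    return 0;
}
```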