Vulnerability Note VU#575804
CDE libDtHelp vulnerable to buffer overflow via DTHELPUSERSEARCHPATH or DTHELPSEARCHPATH
Overview
There is a vulnerability in the Common Desktop Environment (CDE) for UNIX systems which can allow a local user to gain root privileges.
Description
The Common Desktop Environment (CDE) is a standard desktop environment for UNIX-based systems. CDE libDtHelp contains a buffer overflow that can be exploited by a local user. By modifying the DTHELPUSERSEARCHPATH or DTHELPSEARCHPATH environment variables and invoking Help, an attacker can gain elevated privileges. For example, since dtprintinfo is commonly setuid root, it may be exploited by a local user to gain root privileges. Other programs that run with elevated privileges and link libDtHelp are also potential attack vectors.
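To identify which programs on a host match that last sentence, the following added example (not part of the original note) lists setuid/setgid files under the given directories that reference libDtHelp. The function name and the string-match heuristic are assumptions of this example; it searches file contents for the library name rather than running ldd on privileged binaries.

```shell
#!/bin/sh
# Added example: inventory of privileged programs that reference libDtHelp.
#
# Heuristic (assumption of this example): a dynamically linked program
# stores the names of the libraries it needs as plain strings, so a file
# that links libDtHelp contains the text "libDtHelp". Searching for that
# text avoids running ldd, which can execute code from the inspected file.
# A statically linked copy of the library would not be detected this way.

find_dthelp_privileged() {
    # Arguments: one or more directories to scan.
    # Output: one path per line for each setuid or setgid regular file
    # whose contents reference libDtHelp.
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -perm -4000 matches setuid, -perm -2000 matches setgid.
        find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        while IFS= read -r file; do
            if grep -q 'libDtHelp' "$file" 2>/dev/null; then
                printf '%s\n' "$file"
            fi
        done
    done
}

# Scan only when directories are given on the command line, for example:
#   sh dthelp_audit.sh /usr/dt/bin /usr/bin
# (dthelp_audit.sh is a hypothetical file name for this script.)
if [ "$#" -gt 0 ]; then
    find_dthelp_privileged "$@"
fi
```

Each path reported is a candidate for the vendor patch, or for having its setuid/setgid bit removed until the patch is applied.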
Impact
An authenticated local user may be able to execute arbitrary code with root privileges. The attacker may also be able to crash vulnerable programs, causing a denial of service.
Solution
Apply Patch or Upgrade
Apply a patch or upgrade as advised by your vendor. See the Systems Affected section for more information.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Hewlett-Packard Company | Affected | 09 Oct 2003 | 03 Dec 2003 |
| IBM eServer | Affected | 09 Oct 2003 | 04 Nov 2003 |
| SCO | Affected | 09 Oct 2003 | 05 Nov 2003 |
| Sun Microsystems Inc. | Affected | 09 Oct 2003 | 10 Nov 2003 |
| Xi Graphics | Affected | 09 Oct 2003 | 04 Nov 2003 |
| IBM | Not Affected | 09 Oct 2003 | 04 Nov 2003 |
| Cray Inc. | Unknown | 09 Oct 2003 | 16 Oct 2003 |
| Data General | Unknown | 09 Oct 2003 | 16 Oct 2003 |
| Open Group | Unknown | 09 Oct 2003 | 16 Oct 2003 |
| SGI | Unknown | 09 Oct 2003 | 16 Oct 2003 |
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://www.opengroup.org/cde/
- http://www.secunia.com/advisories/10144/
- http://www.securityfocus.com/bid/8973
Credit
Thanks to Kevin Kotas of Computer Associates eTrust Vulnerability Manager. Thanks also to XiGraphics and SCO for information used in this document.
This document was written by Robert C. Seacord and Art Manion.
Other Information
- CVE IDs: CAN-2003-0834
- Date Public: 04 Nov 2003
- Date First Published: 04 Nov 2003
- Date Last Updated: 26 Aug 2004
- Severity Metric: 2.81
- Document Revision: 23