SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#575804

CDE libDtHelp vulnerable to buffer overflow via DTHELPUSERSEARCHPATH or DTHELPSEARCHPATH

Overview

There is a vulnerability in the Common Desktop Environment (CDE) for UNIX systems which can allow a local user to gain root privileges.

I. Description

The Common Desktop Environment (CDE) is a standard desktop environment for UNIX based systems. CDE libDtHelp contains a buffer overflow that can be exploited by a local user. By modifying the DTHELPUSERSEARCHPATH or DTHELPSEARCHPATH environment variables and invoking Help an attacker can gain elevated privileges. For example, since dtprintinfo is commonly setuid root, it may be exploited by a local user to gain root privileges. Other programs that run with elevated privileges and link libDtHelp are also potential attack vectors.

II. Impact

An authenticated local user may be able to execute arbitrary code with root privileges. The attacker may also be able to crash vulnerable programs causing a denial of service.

III. Solution

Apply Patch or Upgrade

Apply a patch or upgrade as advised by your vendor. See the Systems Affected section for more information.

Systems Affected

VendorStatusDate NotifiedDate Updated
Cray Inc.Unknown16-Oct-2003
Data GeneralUnknown16-Oct-2003
Hewlett-Packard CompanyVulnerable3-Dec-2003
IBMNot Vulnerable4-Nov-2003
IBM eServerVulnerable4-Nov-2003
Open GroupUnknown16-Oct-2003
SCOVulnerable5-Nov-2003
SGIUnknown16-Oct-2003
Sun Microsystems Inc.Vulnerable10-Nov-2003
Xi GraphicsVulnerable4-Nov-2003

References


http://www.opengroup.org/cde/
http://www.secunia.com/advisories/10144/
http://www.securityfocus.com/bid/8973

Credit

Thanks to Kevin Kotas of Computer Associates eTrust Vulnerability Manager. Thanks also to XiGraphics and SCO for information used in this document.

This document was written by Robert C. Seacord and Art Manion.

Other Information

Date Public:2003-11-04
Date First Published:2003-11-04
Date Last Updated:2004-08-26
CERT Advisory: 
CVE-ID(s):CAN-2003-0834
NVD-ID(s):CAN-2003-0834
US-CERT Technical Alerts: 
Metric:2.81
Document Revision:23

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2003 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader