Vulnerability Note VU#860296

CDE dtprintinfo contains local buffer overflow in Help window via clipboard copy

Overview

The CDE Print Viewer program dtprintinfo provides a graphical interface to display the status of print queues and print jobs. By using the clipboard to overflow the search field in the Help window of dtprintinfo, a local attacker can execute arbitrary code on the system as root.

I. Description

There is a buffer overflow in the graphical program used to view print job status in CDE-aware desktop environments. Since dtprintinfo is commonly set to be setuid root, this defect could allow a local attacker to execute arbitrary code as root.

II. Impact

A user with local access can execute arbitrary code with root privileges.

III. Solution

Apply a patch from your vendor.

Sun patches:

Workaround

Disable dtprintinfo or 'chmod -s' the binary.
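The workaround above, as an added example that is not part of the original note: a POSIX shell function that clears the setuid/setgid bits on one binary and verifies the result. The function names and the path argument are assumptions; supply the location of dtprintinfo on your own system.

```sh
#!/bin/sh
# Added example: apply the 'chmod -s' workaround to one binary and verify it.
# The target path is an argument (assumption: you have located dtprintinfo yourself).

# Succeeds if the file carries the setuid or the setgid bit.
has_setid() {
    [ -u "$1" ] || [ -g "$1" ]
}

# Strip setuid/setgid from a binary and confirm the bits are gone.
# Returns 0 = bits removed or already clear, 1 = not a regular file,
#         2 = chmod failed or the bits are still present afterwards.
strip_setid() {
    target=$1
    if [ ! -f "$target" ]; then
        echo "skip: $target is not a regular file" >&2
        return 1
    fi
    if ! has_setid "$target"; then
        echo "ok: $target has no setuid/setgid bit"
        return 0
    fi
    ls -l "$target"                  # record original mode and owner for rollback
    chmod ug-s "$target" || return 2 # explicit form of 'chmod -s'
    if has_setid "$target"; then
        echo "fail: $target still has a setuid/setgid bit" >&2
        return 2
    fi
    echo "fixed: removed setuid/setgid from $target"
    return 0
}

# Usage: sh strip_setid.sh /path/to/dtprintinfo
if [ "$#" -gt 0 ]; then
    strip_setid "$1"
fi
```

Without the setuid bit the program runs with the invoking user's privileges, so print-queue features that relied on root may stop working until the vendor patch is applied.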
References
The CERT/CC thanks Kevin Kotas of Ernst & Young's eSecurityOnline for reporting this vulnerability to us and to affected vendors. This document was written by Jeffrey S. Havrilla.
If you have feedback, comments, or additional information about this vulnerability, please send us email.