Vulnerability Note VU#860296
CDE dtprintinfo contains local buffer overflow in Help window via clipboard copy
Overview
The CDE Print Viewer program dtprintinfo provides a graphical interface display the status of print queues and print jobs. By using the clipboard to overflow the search field in the Help window of dtprintinfo, a local attacker can execute arbitrary code on the system as root.
Description
There is a buffer overflow in the graphical program used to view print job status in CDE-aware desktop environments. Since dtprintinfo is commonly set to be setuid root, this defect could allow a local attacker to execute arbitrary code as root. |
Impact
A user with local access can execute arbitrary code with root privileges. |
Solution
Apply a patch from your vendor. Sun patches: |
WorkaroundDisable dtprintinfo or 'chmod -s' the binary. |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Compaq Computer Corporation | Affected | 09 Mar 2001 | 30 Apr 2002 |
| Hewlett Packard | Affected | - | 22 Aug 2001 |
| IBM | Affected | 01 Mar 2001 | 19 Dec 2001 |
| Open Group | Affected | 15 Aug 2001 | 17 Dec 2001 |
| Sun | Affected | - | 05 Mar 2001 |
| Cray | Not Affected | - | 20 Dec 2001 |
| SGI | Unknown | 01 Mar 2001 | 17 Dec 2001 |
| Xi Graphics | Unknown | 03 Oct 2001 | 17 Dec 2001 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://www.opengroup.org/cde/
- http://www.opengroup.org/desktop/faq/
- http://www.eSecurityOnline.com/advisories/eSO2406.asp
- http://www.iss.net/security_center/static/8034.php
Credit
The CERT/CC thanks Kevin Kotas of Ernst & Young's eSecurityOnline for reporting this vulnerability to us and to affected vendors.
This document was written by Jeffrey S. Havrilla.
Other Information
- CVE IDs: CAN-2001-0551
- Date Public: 17 Aug 2001
- Date First Published: 20 Dec 2001
- Date Last Updated: 30 Apr 2002
- Severity Metric: 6.75
- Document Revision: 14
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.