Vulnerability Note VU#860296

CDE dtprintinfo contains local buffer overflow in Help window via clipboard copy

Original Release date: 20 Dec 2001 | Last revised: 30 Apr 2002

Overview

The CDE Print Viewer program dtprintinfo provides a graphical interface display the status of print queues and print jobs. By using the clipboard to overflow the search field in the Help window of dtprintinfo, a local attacker can execute arbitrary code on the system as root.

Description

There is a buffer overflow in the graphical program used to view print job status in CDE-aware desktop environments. Since dtprintinfo is commonly set to be setuid root, this defect could allow a local attacker to execute arbitrary code as root.

Impact

A user with local access can execute arbitrary code with root privileges.

Solution

Apply a patch from your vendor.

Sun patches:

108949-04: CDE 1.4: libDtHelp/libDtSvc patch
108950-04: CDE 1.4_x86: litDtHelp/libDtSvc patch


Please see other vendor statements for additional patch information.

Workaround

Disable dtprintinfo or 'chmod -s' the binary.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Compaq Computer CorporationAffected09 Mar 200130 Apr 2002
Hewlett PackardAffected-22 Aug 2001
IBMAffected01 Mar 200119 Dec 2001
Open GroupAffected15 Aug 200117 Dec 2001
SunAffected-05 Mar 2001
CrayNot Affected-20 Dec 2001
SGIUnknown01 Mar 200117 Dec 2001
Xi GraphicsUnknown03 Oct 200117 Dec 2001
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

The CERT/CC thanks Kevin Kotas of Ernst & Young's eSecurityOnline for reporting this vulnerability to us and to affected vendors.

This document was written by Jeffrey S. Havrilla.

Other Information

  • CVE IDs: CAN-2001-0551
  • Date Public: 17 Aug 2001
  • Date First Published: 20 Dec 2001
  • Date Last Updated: 30 Apr 2002
  • Severity Metric: 6.75
  • Document Revision: 14

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.