The HP Tru64 UNIX implementation of "dtterm" contains a locally exploitable buffer overflow.
From the HP Tru64 UNIX reference pages, the "dtterm" utility "provides runtime support of legacy applications written for terminals conforming to ANSI X3.64-1979 and ISO 6429:1992(E), such as the DEC VT220". A locally exploitable buffer overflow in "dtterm" may permit a local attacker to gain elevated privileges and execute arbitrary code on a vulnerable host.
A local user may be able to gain elevated privileges and execute arbitrary code.
Apply a patch.
Thanks to KF for reporting this vulnerability.
This document was written by Ian A Finlay.
|Date First Published:||2002-09-13|
|Date Last Updated:||2002-09-13 14:02 UTC|