Vulnerability Note VU#860296
CDE dtprintinfo contains local buffer overflow in Help window via clipboard copy
The CDE Print Viewer program dtprintinfo provides a graphical interface to display the status of print queues and print jobs. By using the clipboard to overflow the search field in the Help window of dtprintinfo, a local attacker can execute arbitrary code on the system as root.
There is a buffer overflow in the graphical program used to view print job status in CDE-aware desktop environments. Since dtprintinfo is commonly set to be setuid root, this defect could allow a local attacker to execute arbitrary code as root.
A user with local access can execute arbitrary code with root privileges.
Apply a patch from your vendor.
Disable dtprintinfo or 'chmod -s' the binary.
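The 'chmod -s' workaround above, as an added shell example (not part of the original advisory or any vendor's tooling): it finds setuid copies of dtprintinfo under a directory you name, strips the setuid/setgid bits, and re-scans to confirm. The search root and the DT_SEARCH_ROOT variable are assumptions, since the advisory does not give an install path.

```shell
#!/bin/sh
# Added example: audit and apply the "chmod -s" workaround for dtprintinfo.
# DT_SEARCH_ROOT is a hypothetical variable; set it to your CDE install tree.

# List every regular file named dtprintinfo under $1 that is setuid.
find_setuid_dtprintinfo() {
    find "$1" -type f -name dtprintinfo -perm -4000 -print 2>/dev/null
}

# Remove setuid/setgid from one file and verify the bits are really gone.
# Returns 0 if the file ends up without either bit, 1 on failure,
# 2 if the path is not a regular file.
strip_setid() {
    f=$1
    [ -f "$f" ] || { echo "skip: $f is not a regular file" >&2; return 2; }
    if [ ! -u "$f" ] && [ ! -g "$f" ]; then
        echo "ok: $f has no setuid/setgid bit"
        return 0
    fi
    ls -l "$f"                      # record mode and owner before the change
    chmod u-s,g-s "$f" || return 1
    if [ -u "$f" ] || [ -g "$f" ]; then
        echo "FAIL: $f is still setuid/setgid" >&2
        return 1
    fi
    echo "fixed: $f"
}

# Strip every setuid copy under $1, then re-scan.
# Succeeds only if no setuid dtprintinfo is left.
harden_dtprintinfo() {
    find_setuid_dtprintinfo "$1" | while IFS= read -r f; do
        strip_setid "$f"
    done
    [ -z "$(find_setuid_dtprintinfo "$1")" ]
}

# Runs only when the (assumed) variable is set, e.g.
#   DT_SEARCH_ROOT=/path/to/cde sh harden.sh
if [ -n "${DT_SEARCH_ROOT:-}" ]; then
    harden_dtprintinfo "$DT_SEARCH_ROOT"
fi
```

Run it with sufficient privilege to change the binary's mode; a non-zero exit status means a setuid copy is still present under the search root.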
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Compaq Computer Corporation | Affected | 09 Mar 2001 | 30 Apr 2002 |
| Hewlett Packard | Affected | - | 22 Aug 2001 |
| IBM | Affected | 01 Mar 2001 | 19 Dec 2001 |
| Open Group | Affected | 15 Aug 2001 | 17 Dec 2001 |
| Sun | Affected | - | 05 Mar 2001 |
| Cray | Not Affected | - | 20 Dec 2001 |
| SGI | Unknown | 01 Mar 2001 | 17 Dec 2001 |
| Xi Graphics | Unknown | 03 Oct 2001 | 17 Dec 2001 |
The CERT/CC thanks Kevin Kotas of Ernst & Young's eSecurityOnline for reporting this vulnerability to us and to affected vendors.
This document was written by Jeffrey S. Havrilla.
- CVE IDs: CAN-2001-0551
- Date Public: 17 Aug 2001
- Date First Published: 20 Dec 2001
- Date Last Updated: 30 Apr 2002
- Severity Metric: 6.75
- Document Revision: 14