Title: Solaris 7/8 kcms_configure Command-Line Buffer Overflow Vulnerability
Severity: MODERATE
Description:
Workstation installations of Sun Microsystems Solaris 7 and 8 ship with a package called KCMS (Kodak Color Management System).
The KCMS configuration binary 'kcms_configure' reads each of the command-line options passed to it into a buffer on the stack. Arbitrarily long strings can be specified on the command line, but the buffer is only 1100 bytes in length. Because no length limits are enforced when the command-line options are read, passing an overly long command-line string to kcms_configure overflows the stack frame.
Because kcms_configure is setuid root, the stack overflow allows the execution of arbitrary code and complete control of the vulnerable host.
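The bug class described above, shown as an added C example (not the KCMS source and not code from the original advisory): an unbounded copy into a fixed stack buffer beside a form that checks the length and rejects oversized options. All function names are hypothetical; only the 1100-byte buffer size comes from the advisory.

```c
#include <stdio.h>
#include <string.h>
#define OPT_BUF_LEN 1100 /* stack buffer size given in the advisory */

/* Unsafe pattern (illustrative only): an argument of OPT_BUF_LEN bytes
 * or more is written past buf into the rest of the stack frame. */
size_t read_option_unsafe(const char *arg)
{
    char buf[OPT_BUF_LEN];
    strcpy(buf, arg); /* no length limit enforced */
    return strlen(buf);
}

/* Hardened form: measure the argument against the destination first and
 * reject it outright instead of truncating. Returns the copied length,
 * or -1 if the argument plus its terminating NUL does not fit. */
int read_option_checked(const char *arg, char *out, size_t outlen)
{
    size_t n = 0;
    if (arg == NULL || out == NULL || outlen == 0)
        return -1;
    while (n < outlen && arg[n] != '\0')
        n++;
    if (n == outlen)
        return -1; /* too long: refuse before touching out */
    memcpy(out, arg, n + 1);
    return (int)n;
}

/* Constructed input: runs the check on an option of `len` 'A' characters. */
int check_option_of_length(size_t len)
{
    static char arg[4096];
    char buf[OPT_BUF_LEN];
    if (len >= sizeof arg)
        return -1;
    memset(arg, 'A', len);
    arg[len] = '\0';
    return read_option_checked(arg, buf, sizeof buf);
}

int main(int argc, char **argv)
{
    char buf[OPT_BUF_LEN];
    for (int i = 1; i < argc; i++)
        if (read_option_checked(argv[i], buf, sizeof buf) < 0)
            return 2; /* reject the whole invocation */
    return 0;
}
```

Rejecting the invocation, rather than silently truncating the option, keeps a setuid program from acting on input it only partly read.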
Affected Products:
- Sun Solaris 7.0
- Sun Solaris 7.0_x86
- Sun Solaris 8
- Sun Solaris 8_x86
References:
- Sun Microsystems: Solaris[tm] Product Line