J-Security Center

Title: Solaris kcms_configure KCMS_PROFILES Buffer Overflow Vulnerability

Severity: MODERATE

Description:

Kodak Color Management System, or KCMS, is installed by default with workstation installations of Sun Solaris. A vulnerability exists in kcms_configure, the KCMS configuration tool.

The KCMS_PROFILES environment variable tells KCMS utilities which directory contains their configuration profiles.

The shared library kcsSUNWIOsolf.so, which is used by kcms_configure, cannot handle long KCMS_PROFILES strings. It copies the value of KCMS_PROFILES into a fixed-size buffer without checking its length, and is therefore susceptible to a buffer overflow.

Because kcms_configure is setuid root, a successful buffer overflow attack will yield root privileges to an attacker.

Solaris (x86 and Sparc) versions 2.6, 7 and 8 are known to be vulnerable.
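
The following C sketch is an added example, not code from Sun or from this advisory. It shows the unchecked environment-variable copy described above (in a comment) next to a length-checked version that also ignores the caller's environment when the process runs set-id. The buffer size, the function names and the caller-supplied fallback directory are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define PROFILE_DIR_MAX 256 /* assumed size; the advisory does not give the real one */

/* Unchecked pattern of the kind the advisory describes (illustrative only):
 *     char dir[PROFILE_DIR_MAX];
 *     strcpy(dir, getenv("KCMS_PROFILES"));    no length check on the value
 */

/* Copy a directory value into a fixed buffer only if it fits with its NUL.
 * Returns 0 on success, -1 if the value is missing, empty or too long.
 * On failure the output buffer is left as an empty string. */
int copy_profile_dir(const char *value, char *out, size_t outlen)
{
    const char *nul;
    size_t len;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (value == NULL)
        return -1;
    nul = memchr(value, '\0', outlen);  /* look no further than outlen bytes */
    if (nul == NULL)                    /* no terminator in range: too long */
        return -1;
    len = (size_t)(nul - value);
    if (len == 0)
        return -1;
    memcpy(out, value, len + 1);        /* len + 1 <= outlen is guaranteed */
    return 0;
}

/* Pick the profile directory. A set-id process does not trust the caller's
 * environment, so KCMS_PROFILES is consulted only when real and effective
 * ids match. The fallback is a hypothetical caller-supplied default. */
int resolve_profile_dir(char *out, size_t outlen, const char *fallback)
{
    const char *env = NULL;

    if (getuid() == geteuid() && getgid() == getegid())
        env = getenv("KCMS_PROFILES");
    if (env != NULL && copy_profile_dir(env, out, outlen) == 0)
        return 0;
    return copy_profile_dir(fallback, out, outlen);
}
```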

Affected Products:

  • Sun Solaris 2.5.0
  • Sun Solaris 2.5.0_x86
  • Sun Solaris 2.5.1
  • Sun Solaris 2.5.1_x86
  • Sun Solaris 2.6
  • Sun Solaris 2.6_x86
  • Sun Solaris 7.0
  • Sun Solaris 7.0_x86
  • Sun Solaris 8
  • Sun Solaris 8_x86
