Title: CDE Utilities DT Library Buffer Overflow Vulnerability
Severity: HIGH
Description:
A boundary condition error exists in some DT utilities distributed with CDE.
This issue has been found to affect Caldera Open Unix and Unixware, and Compaq Tru64. The buffer overflow is additionally present in Solaris dtterm, however this utility is not SetUID, although other setuid utilities linked against the same library, or calling the dtterm program may be vulnerable. The likely cause of this problem is an overflow in either the libDtSvc or LibSDtFwa libraries, against which all known vulnerable programs are linked.
This overflow may result in the overwriting of stack variables, including the return address. As these programs are all setuid root, it may be possible to execute arbitrary code with the inherited privileges of root.
The execution of strings on this library reveals the use of the $HOME environment variable. However, the potential problem in this libraries currently remains unverified.
Affected Products:
- Caldera OpenUnix 8.0.0
- Caldera UnixWare 0.0.07
- Compaq Tru64 5.1.0
- HP HP-UX 10.20.0
- HP HP-UX 11.0.0
- Sun Solaris 8
- Sun Solaris 8_x86
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
