VULHUB ™

dtprintinfo is part of the Common Desktop Environment (CDE) package. dtprintinfo launches the CDE Print Manager window. A problem with the program could make it possible for local users to gain elevated privileges. A buffer overflow in the -session option of dtprintinfo can allow a user to execute code by supplying a long string with the -session option. Since the dtprintinfo program is SetUID root, this could result in a local user executing code and root, and gaining local administrative access. Conflicting details exist as to whether CDE on Compaq TRU64 Unix 5.0 is affected by this vulnerability.

dtprintinfo is part of the Common Desktop Environment (CDE) package. dtprintinfo launches the CDE Print Manager window. A problem with the program could make it possible for local users to gain elevated privileges. A buffer overflow in the -session option of dtprintinfo can allow a user to execute code by supplying a long string with the -session option. Since the dtprintinfo program is SetUID root, this could result in a local user executing code and root, and gaining local administrative access. Conflicting details exist as to whether CDE on Compaq TRU64 Unix 5.0 is affected by this vulnerability.