VULHUB ™

A boundary condition error exists in some dt utilities distributed with CDE. The problem occurs when a command-line argument approximately 9000 bytes in size is passed to one of the dtaction, dtsession, or dtprintinfo programs. A buffer overflow can also occur if 9000 or more bytes of data are placed in the HOME environment variable prior to running one of the programs. The problem is likely related to an overflow in one of the DT Libraries such as libDtSvc or libSDtFwa. This overflow may result in the overwriting of stack variables, including the return address. As these programs are all setuid root, it may be possible to execute arbitrary code with the inherited privileges of root. It currently is also present in Solaris dtterm, although this program is not setuid.

A boundary condition error exists in some dt utilities distributed with CDE. The problem occurs when a command-line argument approximately 9000 bytes in size is passed to one of the dtaction, dtsession, or dtprintinfo programs. A buffer overflow can also occur if 9000 or more bytes of data are placed in the HOME environment variable prior to running one of the programs. The problem is likely related to an overflow in one of the DT Libraries such as libDtSvc or libSDtFwa. This overflow may result in the overwriting of stack variables, including the return address. As these programs are all setuid root, it may be possible to execute arbitrary code with the inherited privileges of root. It currently is also present in Solaris dtterm, although this program is not setuid.