Solaris DTMail Mail Environment Variable Buffer Overflow Vulnerability



dtmail is an application included with the Common Desktop Environment, one of the X Window Managers included with Solaris.

A buffer overflow in dtmail makes it possible for a local user to gain elevated privileges. Due to improper bounds checking, it is possible to cause a buffer overflow in dtmail by filling the MAIL environment variable with 2000 or more characters. This results in the overwriting of stack variables, including the return address, and can allow a local user to gain an effective GID of mail.
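The missing bounds check described above, shown in its corrected form. This is an added example, not dtmail source code and not part of the original advisory; the function names and the `MAILPATH_MAX` buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed size for illustration; dtmail's real buffer size is not given. */
#define MAILPATH_MAX 1024

enum { ENV_OK = 0, ENV_UNSET = -1, ENV_TOO_LONG = -2 };

/*
 * Copy val into dst only if it fits, terminator included. This replaces
 * an unchecked strcpy()/sprintf() of an environment value into a
 * fixed-size stack buffer. Over-long input is rejected, not truncated,
 * so a privileged program never continues with a partial path.
 */
int copy_value_bounded(const char *val, char *dst, size_t dstsz)
{
    size_t len;

    if (dst == NULL || dstsz == 0)
        return ENV_TOO_LONG;
    dst[0] = '\0';                 /* buffer is empty on every failure path */
    if (val == NULL)
        return ENV_UNSET;
    len = strlen(val);
    if (len >= dstsz)              /* no room for the value plus its NUL */
        return ENV_TOO_LONG;
    memcpy(dst, val, len + 1);
    return ENV_OK;
}

/* Look up an environment variable and copy it with the check above. */
int copy_env_bounded(const char *name, char *dst, size_t dstsz)
{
    return copy_value_bounded(getenv(name), dst, dstsz);
}

int main(void)
{
    char mailpath[MAILPATH_MAX];
    int rc = copy_env_bounded("MAIL", mailpath, sizeof mailpath);

    if (rc == ENV_TOO_LONG) {
        fprintf(stderr, "MAIL is too long, refusing to continue\n");
        return EXIT_FAILURE;
    }
    printf("MAIL: %s\n", rc == ENV_OK ? mailpath : "(unset)");
    return EXIT_SUCCESS;
}
```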

Information

Bugtraq ID: 3081
Class: Boundary Condition Error
CVE: CVE-2001-0548

Remote: No
Local: Yes
Published: Jul 24 2001 12:00AM
Updated: Jul 11 2009 06:56AM
Credit: This vulnerability was announced in an NSFOCUS Security Advisory on July 24, 2001.
Vulnerable: Sun Solaris 7.0_x86
Sun Solaris 7.0
Sun Solaris 2.6_x86
Sun Solaris 2.6


Not Vulnerable:
