Solaris DTMail Mail Environment Variable Buffer Overflow Vulnerability

dtmail is an application included with the Common Desktop Environment, one of the X Window Managers included with Solaris.

A buffer overflow in dtmail makes it possible for a local user to gain elevated privileges. Due to improper bounds checking, it is possible to cause a buffer overflow in dtmail by filling the MAIL environment variable with 2000 or more characters. This results in the overwriting of stack variables, including the return address, and can allow a local user to gain an effective GID of mail.

Information

Bugtraq ID: 3081
Class: Boundary Condition Error
CVE: CVE-2001-0548

Remote: No
Local: Yes
Published: Jul 24 2001 12:00AM
Updated: Jul 11 2009 06:56AM
Credit: This vulnerability was announced in a NSFOCUS Security Advisory on July 24, 2001.
Vulnerable: Sun Solaris 7.0_x86
Sun Solaris 7.0
Sun Solaris 2.6_x86
Sun Solaris 2.6

Not Vulnerable:

Exploit

/data/vulnerabilities/exploits/sol_sparc_dtmail_MAIL_ex.c
/data/vulnerabilities/exploits/sol_sparc_dtmail_MAIL_ex.c

References:

Source: www.securityfocus.com

Exploit Collector

Search Exploit