
CERT Coordination Center

CDE libDtHelp vulnerable to buffer overflow via DTHELPUSERSEARCHPATH or DTHELPSEARCHPATH

Vulnerability Note VU#575804

Original Release Date: 2003-11-04 | Last Revised: 2004-08-26

Overview

A vulnerability in the Common Desktop Environment (CDE) for UNIX systems can allow a local user to gain root privileges.

Description

The Common Desktop Environment (CDE) is a standard desktop environment for UNIX-based systems. CDE libDtHelp contains a buffer overflow that can be exploited by a local user. By modifying the DTHELPUSERSEARCHPATH or DTHELPSEARCHPATH environment variables and invoking Help, an attacker can gain elevated privileges. For example, since dtprintinfo is commonly setuid root, it may be exploited by a local user to gain root privileges. Other programs that run with elevated privileges and link libDtHelp are also potential attack vectors.
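
To find which installed programs fall into that last category, an administrator can inventory set-ID executables that reference libDtHelp. The Python script below is an added example, not part of this vulnerability note or of any vendor tooling; the default scan root /usr/dt/bin and the use of a raw byte match in place of a full ELF parse are assumptions.

```python
"""Inventory set-ID executables that reference libDtHelp (added example)."""
import os
import stat
import sys

NEEDLE = b"libDtHelp"  # library name from the advisory, matched as raw bytes


def is_privileged(mode):
    """True for a regular file carrying the setuid or setgid bit."""
    return stat.S_ISREG(mode) and bool(mode & (stat.S_ISUID | stat.S_ISGID))


def references_libdthelp(path, chunk=1 << 16):
    """Stream the file and look for the library name, e.g. in its list of
    needed shared objects. A byte match is a heuristic, not an ELF parse."""
    tail = b""
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                return False
            if NEEDLE in tail + block:
                return True
            tail = block[-(len(NEEDLE) - 1):]  # keep overlap across chunks


def scan(roots):
    """Return sorted (path, owner_uid, mode_string) for each match."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)  # lstat: do not follow symlinks
                    if is_privileged(st.st_mode) and references_libdthelp(path):
                        hits.append((path, st.st_uid, stat.filemode(st.st_mode)))
                except OSError:
                    continue  # unreadable or vanished file: skip it
    return sorted(hits)


if __name__ == "__main__":
    # Default root is an assumption (the usual CDE install prefix).
    for path, uid, mode in scan(sys.argv[1:] or ["/usr/dt/bin"]):
        print(f"{mode} uid={uid} {path}")
```

Pass the directories to audit as arguments; each file listed is a candidate for the vendor patch described under Solution.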

Impact

An authenticated local user may be able to execute arbitrary code with root privileges. The attacker may also be able to crash vulnerable programs, causing a denial of service.

Solution

Apply Patch or Upgrade

Apply a patch or upgrade as advised by your vendor. See the Systems Affected section for more information.

Vendor Information


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Kevin Kotas of Computer Associates eTrust Vulnerability Manager. Thanks also to XiGraphics and SCO for information used in this document.

This document was written by Robert C. Seacord and Art Manion.

Other Information

CVE IDs: CVE-2003-0834
Severity Metric: 2.81
Date Public: 2003-11-04
Date First Published: 2003-11-04
Date Last Updated: 2004-08-26 21:38 UTC
Document Revision: 23

Sponsored by CISA.