Overview
The HP Tru64 UNIX implementation of "dtsession" contains a locally exploitable buffer overflow.
Description
From the HP Tru64 UNIX reference pages, the "dtsession" utility "provides ICCCM 1.1 compliant session management functionality during a user's session, the time from login to logout. It launches a window manager and allows for saving a session, restoring a session, locking a session, launching screen savers and allocating colors for desktop compatible clients." A locally exploitable buffer overflow in "dtsession" may permit a local attacker to gain elevated privileges and execute arbitrary code on a vulnerable host. |
Impact
A local user may be able to gain elevated privileges and execute arbitrary code. |
Solution
Apply a patch. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to KF for reporting this vulnerability.
This document was written by Ian A Finlay.
Other Information
| CVE IDs: | None |
| Severity Metric: | 7.50 |
| Date Public: | 2002-08-30 |
| Date First Published: | 2002-09-13 |
| Date Last Updated: | 2002-09-13 14:23 UTC |
| Document Revision: | 11 |