ISS X-Force Database: cde-dtprintinfo-bo(8034): CDE dtprintinfo buffer overflow

CDE dtprintinfo buffer overflow

cde-dtprintinfo-bo (8034)

High Risk

Description:

CDE (Common Desktop Environment) dtprintinfo print viewer program is vulnerable to a buffer overflow. By copying a large amount of text from the clipboard to the search field in the Help window, a local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.

Platforms Affected:

Compaq, Tru64 4.0f
Compaq, Tru64 4.0g
HP, HP-UX 10.10
HP, HP-UX 10.20
HP, HP-UX 10.24
HP, HP-UX 11.00
HP, HP-UX 11.04
HP, HP-UX 11.11
HP, HP-UX 11.22
IBM, AIX 4.3
IBM, AIX 4.3.1
IBM, AIX 4.3.2
IBM, AIX 4.3.3
IBM, AIX 5.1
SCO, Caldera OpenUnix 8.0.0
SCO, Caldera UnixWare 7.1.1
Sun, Solaris 1.0
Sun, Solaris 2.5.1
Sun, Solaris 2.6
Sun, Solaris 7.0
Sun, Solaris 8

Remedy:

For IBM AIX 4.3.x:
Apply APAR IY21539 patch, available from the IBM Technical Support Web site. See References.

For IBM AIX 5.1:
Apply APAR IY20917 patch, available from the IBM Technical Support Web site. See References.

For HP-UX 10.10, 10.20, 10.24, 11.00, 11.04 and 11.11:
Apply the appropriate patch for your system, as listed in Hewlett-Packard Company Security Bulletin HPSBUX0105-151. See References.

For HP-UX 10.20, 11.00, 11.04, 11.11, and 11.22:
Apply the appropriate patch for your system, as listed in Hewlett-Packard Company Security Bulletin HPSBUX0306-263. See References.

For HP Tru64 UNIX:
Apply the appropriate Early Release Patches (ERPs) for your system, as listed in Hewlett-Packard Company Security Bulletin: SSRT2405a. See References.

For Sun Solaris 2.4, 2.5, 2.5.1, 2.6, 7, and 8:
Apply the appropriate patch for your system, as listed in eSO Security Advisory: 2406. See References.

For Caldera UnixWare 7.1.1 and OpenUnix 8.0.0:
Apply the appropriate patch for your system, as listed in Caldera International, Inc. Security Advisory CSSA-2002-SCO.30. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Privileges

References:

Caldera International, Inc. Security Advisory CSSA-2002-SCO.30, UnixWare 7.1.1 Open UNIX 8.0.0 : dtprintinfo buffer overflow with Help search at ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.30/CSSA-2002-SCO.30.txt.
CIAC Information Bulletin N-102, Hewlett-Packard Potential Security Vulnerabilities in CDE at http://www.ciac.org/ciac/bulletins/n-102.shtml.
eSO Security Advisory: 2406, CDE dtprintinfo Help search buffer overflow vulnerability at http://www.esecurityonline.com/advisories/eSO2406.asp.
Hewlett-Packard Company Security Bulletin HPSBUX0105-151, Security Vulnerabilities in CDE on HP-UX at http://archives.neohapsis.com/archives/hp/2001-q2/0044.html. (From Neohapsis archive)
IBM Technical Support Web site, AIX General Software Fixes at http://www-03.ibm.com/servers/eserver/support/unixservers/aixfixes.html. (Refer to AIX APAR IY21539 4.3.x and AIX APAR IY209175.1.)
BID-4630: CDE DTPrintInfo Help Volume Search Buffer Overflow Vulnerability
BID-7719: CDE DTPrintInfo Unspecified Privilege Escalation Vulnerability
BID-8888: CDE dtprintinfo Unspecified Remote Unauthorized Access Vulnerability
CVE-2001-0551: Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users to execute arbitrary code by copying text from the clipboard into the Help window.
US-CERT VU#860296: CDE dtprintinfo contains local buffer overflow in Help window via clipboard copy

Reported:

Dec 20, 2001

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page