TUCoPS :: Unix :: General
:: unix4772.htm
dtprintinfo buffer overflow
2nd Oct 2001 [SBWID-4772]
COMMAND
dtprintinfo buffer overflow in various Unix systems
SYSTEMS AFFECTED
SCO UnixWare 7
OpenUnix 8.0.0
-Also-
Compaq Tru64 UNIX V4.0F
Compaq Tru64 UNIX V5.0
Compaq Tru64 UNIX V5.1
Compaq Tru64 UNIX V5.1A
PROBLEM
In Caldera Security bulletin CSSA-2001-SCO.22 (http://www.caldera.com)
:
Very long environment variables will cause the dtprintinfo command to
overflow a buffer. This could be used by an unauthorized user to gain
privilege.
Update (18 April 2002)
======
In Noboru Yoshinaga [yosinaga@lac.co.jp] SNS Advisory No.50 :
The /usr/dt/bin/dtprintinfo included with Compaq Tru64 UNIX is a
program for opening the CDE Print Manager window. This program is
installed as SUID root. In dtprintinfo it is possible to restore a
client to the original desktop state by loading the session file using
the \"-session\" option. A buffer overflow will occur in dtprintinfo
when an unusually long string of characters is used in session
filenames. This will result in the possibility for the local attacker
to execute arbitrary code as root.
SOLUTION
Get patch from :
ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.22/
md5 checksums:e726067eba0107ac5efd8c1fdb141b0d dtprintinfo.Z
Compaq :
http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml