SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
About the Archives
Want to learn about the SecurityTracker archives? We've got answers to frequently asked questions right here
Sign Up!





Category:  Application (Generic)  >  libDtSvc.a (CDE DtSvc Library) Vendors:  IBM
(Caldera Issues Fix for UnixWare and OpenUNIX) Common Desktop Environment (CDE) DtSvc Library Buffer Overflow May Let Local Users Obtain Root Privileges
Date:  Nov 7 2001
Impact:  Execution of arbitrary code via local system, Root access via local system, User access via local system
Fix Available:  Yes   Vendor Confirmed:  Yes  
Description:  IBM reported a buffer oveflow vulnerability in CDE DtSvc library for IBM's AIX operating system. A local user can execute arbitrary code and gain elevated privileges on the host, potentially including root level privileges.

It is reported that a buffer overflow vulnerability has been found in the Common Desktop Environment (CDE) libDtSvc.a library. The vulnerability can be triggered when a local user passes a specially coded string to any of the "dt" commands (e.g., dtprintinfo, dtterm) using the "-session" option.
Impact:  A local user can execute arbitrary code with root level privileges, gaining root level access on the host.
Solution:  The vendor has released a fix for UnixWare 7 and Open UNIX 8:

ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.30/

The verification checksum is:

8d5c98f761dd68aa108794d8ed5c70f1 erg711881.Z

Upgrade the affected binaries with the following commands:

# uncompress /tmp/erg711881.Z
# pkgadd -d /tmp/erg711881

See the Source Message for the vendor's advisory containing additional information.
Vendor URL:  www.ibm.com/ (Links to External Site)
Cause:  Boundary error
Underlying OS:  UNIX (SCO)
Underlying OS Comments:  IBM AIX 4.3 and 5.1; other UNIX operating systems may be affected
Reported By:  security-alert@caldera.com
Message History:   This archive entry is a follow-up to the message listed below.
Oct 30 2001 Common Desktop Environment (CDE) DtSvc Library Buffer Overflow May Let Local Users Obtain Root Privileges


 Source Message Contents
Date:  Tue, 6 Nov 2001 13:29:29 -0800
From:  security-alert@caldera.com
Subject:  Security Update: [CSSA-2001-SCO.30] Open UNIX, UnixWare 7: DCE SPC library buffer overflow

 

--BOKacYhQ+x31HxR3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 8bit            

To: bugtraq@securityfocus.com security-announce@lists.securityportal.com announce@lists.caldera.com s
coannmod@xenitec.on.ca

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		Open UNIX, UnixWare 7: DCE SPC library buffer overflow
Advisory number: 	CSSA-2001-SCO.30
Issue date: 		2001 November 6
Cross reference:
___________________________________________________________________________


1. Problem Description
 
	The DCE SPC library is vulnerable to a network buffer overflow
	attack. This bug manifests itself in dtspcd.
 

2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	UnixWare 7		All		/usr/dt/lib/libDtSvc.so.1
	Open UNIX		8.0.0		/usr/dt/lib/libDtSvc.so.1


3. Workaround

	None.


4. UnixWare 7, Open UNIX 8

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.30/


  4.2 Verification

	md5 checksums:
 
	8d5c98f761dd68aa108794d8ed5c70f1	erg711881.Z


	md5 is available for download from

		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/erg711881.Z
	# pkgadd -d /tmp/erg711881


5. References

	CERT / ISS draft advisory VU#172583

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	sr854831, fz519245, and erg711881 


6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers, intended to promote the secure installation
	and use of Caldera International products.


7. Acknowledgements

	This vulnerability was discovered and researched by Chris
	Spencer of the ISS X-Force.

	 
___________________________________________________________________________

--BOKacYhQ+x31HxR3
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjvoVjkACgkQaqoBO7ipriHGfQCfUrWPMxGOx4d/vmlnJcph8U7j
xIcAn1sZxuJjF8bKpabBsaNVMFHgCua9
=LzIm
-----END PGP SIGNATURE-----

--BOKacYhQ+x31HxR3--


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2001, SecurityGlobal.net LLC