Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Solaris ximp40 Library Buffer Overflow Vulnerability

Solaris ximp40 Library Buffer Overflow Vulnerability

by Phiber on February 2nd, 2001 A problem in the ximp40 library packaged with Openwin could allow a user to gain elevated privileges. Due to a problem with the handling of input by the programs linked against ximp40.so.2, it is possible to supply a long string, approximately 272 bytes, to the arg0 of the command, which will overwrite stack variables, including the return address of the program......


This makes it possible for a malicious user with local access to the system to execute arbitrary code, and depending upon which SUID binary is exploited, gain either EUID mail, or EUID root. Programs linked against the library that have been reported as vulnerable are:



*Solaris 8

suid root : /usr/dt/bin/dtaction

suid root : /usr/dt/bin/dtprintinfo

suid root : /usr/openwin/bin/sys-suspend

sgid mail : /usr/dt/bin/dtmail

sgid mail : /usr/openwin/bin/mailtool



*Solaris 7

suid root : /usr/dt/bin/dtaction

suid root : /usr/dt/bin/dtprintinfo

suid root : /usr/dt/bin/dtappgather

suid root : /usr/bin/admintool

suid root : /usr/openwin/bin/sys-suspend

sgid mail : /usr/dt/bin/dtmail

sgid mail : /usr/openwin/bin/mailtool



SecurityFocus


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »