Note: This is an archival copy of Security Sun Alert 200789 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000604.1.

Category
Security

Release Phase
Resolved

Solaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id
4930117

Date of Workaround Release
07-NOV-2003

Date of Resolved Release
30-APR-2004

Impact
The DtHelp library (libDtHelp.so) is used by the Common Desktop Environment (CDE) to display context help. This library contains a buffer overflow vulnerability which could allow a local user to gain root access or possibly crash affected CDE applications which utilize the DtHelp library, causing a Denial of Service.

This issue is described in the CERT Vulnerability VU#575804 (see http://www.kb.cert.org/vuls/id/575804) and CVE CAN-2003-0834 (see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0834).

Contributing Factors
This issue can occur in the following releases:
SPARC Platform
x86 Platform

Symptoms
There are no reliable symptoms that would show the described issue has been exploited to gain unauthorized root access to a host.

Workaround
There is no workaround. Please see the "Resolution" section below.

Resolution
This issue is addressed in the following releases:
SPARC Platform
x86 Platform

Modification History
Date: 06-FEB-2004
Date: 30-APR-2004

References
116308-01 108949-08 107178-03 108950-08 107179-03 116309-01

Attachments
This solution has no attachment