Product
Solaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id
4930117

Date of Workaround Release
07-NOV-2003

Date of Resolved Release
30-APR-2004

Impact

The DtHelp library (libDtHelp.so) is used by the Common Desktop Environment (CDE) to display context help. This library contains a buffer overflow vulnerability which could allow a local user to gain root access or possibly crash affected CDE applications which utilize the DtHelp library causing a Denial of Service.

This issue is described in the CERT Vulnerability VU#575804 (see http://www.kb.cert.org/vuls/id/575804) and CVE CAN-2003-0834 (see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0834).

Contributing Factors

This issue can occur in the following releases:

SPARC Platform

• Solaris 7 without patch 107178-03
• Solaris 8 without patch 108949-08
• Solaris 9 without patch 116308-01

x86 Platform

• Solaris 7 without patch 107179-03
• Solaris 8 without patch 108950-08
• Solaris 9 without patch 116309-01

Symptoms

There are no reliable symptoms that would show the described issue has been exploited to gain unauthorized root access to a host.

Workaround

There is no workaround. Please see the "Resolution" section below.

Resolution

This issue is addressed in the following releases:

SPARC platform

• Solaris 7 with patch 107178-03 or later
• Solaris 8 with patch 108949-08 or later
• Solaris 9 with patch 116308-01 or later

x86 Platform

• Solaris 7 with patch 107179-03 or later
• Solaris 8 with patch 108950-08 or later
• Solaris 9 with patch 116309-01 or later

Modification History
Date: 06-FEB-2004

• Updated Contributing Factors and Resolution sections

Date: 30-APR-2004

• State: Resolved
• Updated Contributing Factors and Resolution sections

References

116308-01
108949-08
107178-03
108950-08
107179-03
116309-01




Attachments

This solution has no attachment