Note: This is an archival copy of Security Sun Alert 200789 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000604.1.
Solaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Date of Workaround Release
Date of Resolved Release
The DtHelp library (libDtHelp.so) is used by the Common Desktop Environment (CDE) to display context help. This library contains a buffer overflow vulnerability which could allow a local user to gain root access or possibly crash affected CDE applications which utilize the DtHelp library causing a Denial of Service.
This issue is described in the CERT Vulnerability VU#575804 (see http://www.kb.cert.org/vuls/id/575804) and CVE CAN-2003-0834 (see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0834).
This issue can occur in the following releases:
There are no reliable symptoms that would show the described issue has been exploited to gain unauthorized root access to a host.
There is no workaround. Please see the "Resolution" section below.
This issue is addressed in the following releases:
This solution has no attachment