O-020: Sun Buffer Overflow Vulnerability in the CDE DtHelp Library

REVISION HISTORY:
05/04/2004 - revised to reflect the changes Sun has made in their Sun Alert
             ID: 57414 in the State section, Contributing Factors section, Relief/
			 Workaround section, and Resolution section.
08/05/04 - added a link to SGI Security Advisory 20040801-01-P SGI Bug 902695.	 
			 
			 
[***** Start Sun Alert ID: 57414 *****]

Sun Alert ID: 57414 
Synopsis: Buffer Overflow Vulnerability in the CDE DtHelp Library May Allow Unauthorized "root" Access 
Category: Security 
Product: Solaris 
BugIDs: 4930117 
Avoidance: Patch 
State: Resolved 
Date Released: 07-Nov-2003, 30-Apr-2004 
Date Closed: 30-Apr-2004 
Date Modified: 06-Feb-2004, 30-Apr-2004 
 

1. Impact 

The DtHelp library (libDtHelp.so) is used by the Common Desktop Environment (CDE) to display context help. 
This library contains a buffer overflow vulnerability which could allow a local user to gain root access 
or possibly crash affected CDE applications which utilize the DtHelp library causing a Denial of Service. 

This issue is described in the CERT Vulnerability VU#575804 (see http://www.kb.cert.org/vuls/id/575804) 
and CVE CAN-2003-0834 (see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0834). 


2. Contributing Factors 

This issue can occur in the following releases: 

SPARC Platform 

Solaris 7 without patch 107178-03 
Solaris 8 without patch 108949-08 
Solaris 9 without patch 116308-01 


x86 Platform 

Solaris 7 without patch 107179-03 
Solaris 8 without patch 108950-08 
Solaris 9 without patch 116309-01 


3. Symptoms 

There are no reliable symptoms that would show the described issue has been exploited to gain unauthorized 
root access to a host. 

Solution Summary Top 

4. Relief/Workaround 

There is no workaround. Please see the "Resolution" section below. 



5. Resolution 

This issue is addressed in the following releases: 

SPARC Platform 

Solaris 7 with patch 107178-03 or later 
Solaris 8 with patch 108949-08 or later 
Solaris 9 with patch 116308-01 or later 


x86 Platform 

Solaris 7 with patch 107179-03 or later 
Solaris 8 with patch 108950-08 or later 
Solaris 9 with patch 116309-01 or later 


Change History 

06-Feb-2004: 

Updated Contributing Factors and Resolution sections 


30-Apr-2004: 

State: Resolved 
Updated Contributing Factors and Resolution sections 




This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may 
contain information provided by third parties. The issues described in this Sun Alert notification may or 
may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information 
contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF 
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING 
THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 
PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED 
HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being 
provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do 
not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the 
purposes contemplated by these agreements. 

Copyright 2000-2003 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights 
reserved. 


[***** End Sun Alert ID: 57414 *****]

    Voice:          +1 866-941-2472 (7 x 24)
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov/