TUCoPS :: SunOS/Solaris :: kcms4.htm

Solaris kcsSUNWIOsolf.so Buffer Overflow 
Vulnerability

    kcsSUNWIOsolf.so

Affected

    Solaris

Description

    LSD found following.  There exists a buffer overflow vulnerability
    in the way  the KCMS_PROFILES environment  variable is handled  by
    the  kcsSUNWIOsolf.so  library.    When  appropriately   exploited
    through  a  kcms_configure  program  it  can  lead to a local root
    compromise on a vulnerable system.

    There also exists a  buffer overflow vulnerability in  a dtsession
    program in a way it handles LANG environment variable.

    Proof  of  concept  codes  for  both  vulnerabilites are avaialble
    at our website at the following addresses:

        http://lsd-pl.net/files/get?SOLARIS/solsparc_kcssunwiosolf
        http://lsd-pl.net/files/get?SOLARIS/solx86_kcssunwiosolf
        http://lsd-pl.net/files/get?SOLARIS/solx86_dtsession

Solution

    Nothing yet.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH