CDE DTTerm Terminal Name Buffer Overflow Vulnerability

CDE is the Common Desktop Environment, an implementation of a Desktop Manager for systems that run X. It is distributed with various commercial UNIX implementations.

dtterm is a CDE terminal program that ships with commercial UNIX systems. The argument to the -tn option (used to specify a terminal name), passed to the program on the command line, is copied into a stack buffer without any check on its length. A sufficiently long argument overwrites vital stack variables, altering the program's flow of execution. If the argument is intentionally constructed with the right data at the right locations, the program can be made to execute arbitrary commands supplied by the user with the privileges of the running process.

This can result in a local user gaining administrative access on vulnerable systems.
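
The missing length check described above, shown as an added C example that is not dtterm's source. `TERM_NAME_MAX`, `set_term_name_unsafe`, `set_term_name` and `parse_tn` are hypothetical names, and the 64-byte buffer is an assumption, since the advisory gives neither the buffer size nor the copy routine used.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size: the advisory does not state dtterm's real buffer size. */
#define TERM_NAME_MAX 64

/* Unsafe pattern (hypothetical): copies with no length check, so an
 * argument of TERM_NAME_MAX bytes or more writes past the end of dst. */
void set_term_name_unsafe(char *dst, const char *arg) {
    strcpy(dst, arg);
}

/* Hardened form: reject an empty or oversized name instead of truncating.
 * Returns 0 on success, -1 on rejection; dst is untouched on rejection. */
int set_term_name(char dst[TERM_NAME_MAX], const char *arg) {
    const char *end;
    if (arg == NULL) return -1;
    end = memchr(arg, '\0', TERM_NAME_MAX);  /* bounded search for the NUL */
    if (end == NULL || end == arg) return -1; /* too long, or empty */
    memcpy(dst, arg, (size_t)(end - arg) + 1);
    return 0;
}

/* Locate "-tn <name>" in argv and validate the value before copying it.
 * Returns 1 if a name was set, 0 if -tn is absent, -1 on a bad argument. */
int parse_tn(int argc, char **argv, char dst[TERM_NAME_MAX]) {
    int i;
    for (i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-tn") == 0) {
            if (i + 1 >= argc) return -1;     /* option given without a value */
            return set_term_name(dst, argv[i + 1]) == 0 ? 1 : -1;
        }
    }
    return 0;
}

int main(int argc, char **argv) {
    char name[TERM_NAME_MAX] = "";
    int r = parse_tn(argc, argv, name);
    if (r < 0) {
        fprintf(stderr, "rejected: -tn value missing, empty or too long\n");
        return 1;
    }
    printf("terminal name: %s\n", r ? name : "(default)");
    return 0;
}
```

Rejecting the oversized value matters most in a program that runs with elevated privileges, because the command line is fully controlled by the local user who starts it.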


