Solaris 7/8 kcms_configure Command-Line Buffer Overflow Vulnerability

The Kodak Color Management System, or KCMS, is a package that ships with workstation installations of Solaris 7 and 8. kcms_configure, a part of KCMS, is vulnerable to a buffer overflow if it is passed an overly long string on the command-line by a local user. kcms_configure is installed setuid root, so a buffer overflow can lead to arbitrary code execution as root.

An exploit for x86 Solaris is available to attackers.


 

Privacy Statement
Copyright 2010, SecurityFocus