CDE dtsession Buffer Overflow Vulnerability
The CDE Session Manager 'dtsession' is vulnerable to a buffer overflow that could yield root privileges to an attacker. The bug exists in dtsession's parser for the LANG environment variable. If LANG is set to an overly long value and dtsession is subsequently run, the parser overflows a buffer. Because the dtsession binary is setuid root, the overflow allows an attacker to execute arbitrary code as root. An exploit is available against x86 Solaris installations of CDE.
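
The defensive counterpart to the bug class described above, as an added example that is not taken from CDE or dtsession source: a privileged program checks the length and character set of LANG before copying it into a fixed buffer, and falls back to the "C" locale otherwise. The names copy_locale and safe_lang and the 64-byte cap are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LOCALE_MAX 64   /* assumed cap; real locale names are far shorter */

/* Unsafe pattern (the bug class, not dtsession's actual source):
 *     char buf[LOCALE_MAX];
 *     strcpy(buf, getenv("LANG"));   // length set by the caller's environment
 */

/* Copy a locale name into out[outsz] only if it fits and uses characters
 * valid in language[_territory][.codeset][@modifier].
 * Returns 0 on success, -1 if the value is rejected. */
int copy_locale(const char *val, char *out, size_t outsz)
{
    static const char ok[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_.@-";
    size_t n;

    if (val == NULL || out == NULL || outsz == 0)
        return -1;
    n = strlen(val);
    if (n == 0 || n >= outsz)      /* empty, or no room for the NUL */
        return -1;
    if (strspn(val, ok) != n)      /* unexpected byte somewhere in the value */
        return -1;
    memcpy(out, val, n + 1);       /* n + 1 <= outsz, checked above */
    return 0;
}

/* Read LANG from the environment; fall back to "C" when it is missing,
 * too long or malformed. Returns out, or NULL if out cannot hold "C". */
const char *safe_lang(char *out, size_t outsz)
{
    if (out == NULL || outsz < 2)
        return NULL;
    if (copy_locale(getenv("LANG"), out, outsz) != 0)
        memcpy(out, "C", 2);
    return out;
}

int main(void)
{
    char buf[LOCALE_MAX];
    printf("effective locale: %s\n", safe_lang(buf, sizeof buf));
    return 0;
}
```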