Solaris dtsession HOME Buffer Overflow Vulnerability

info
discussion
exploit
solution
references

Solaris dtsession HOME Buffer Overflow Vulnerability

It has been reported that dtsession is vulnerable to a locally exploitable buffer overflow vulnerability. The vulnerability is related to handling of the HOME environment variable. Local attackers may exploit this vulnerability to obtain root privileges. While only Solaris is confirmed, other systems that include CDE are likely vulnerable.