CDE DTPrintInfo Display Environment Variable Buffer Overflow Vulnerability

info
discussion
exploit
solution
references

CDE DTPrintInfo Display Environment Variable Buffer Overflow Vulnerability

It has been reported that dtprintinfo, installed setuid root by default, is susceptible to a locally exploitable buffer overflow vulnerability. The condition is triggered when the value of the DISPLAY environment variable is set to a string exceeding 9777 bytes in length. The vulnerability may allow for local attackers to gain root privileges on the affected host.