Solaris kcms_configure KCMS_PROFILES Buffer Overflow Vulnerability

Solaris kcms_configure KCMS_PROFILES Buffer Overflow Vulnerability

The Kodak Color Management System configuration tool 'kcms_configure' is vulnerable to a buffer overflow that could yield root privileges to an attacker.

The bug exists in the KCMS_PROFILES environment variable parser in a shared library 'kcsSUNWIOsolf.so' used by kcms_configure. If an overly long KCMS_PROFILES variable is set and kcms_configure is subsequently run, kcms_configure will overflow. Because the kcms_configure binary is setuid root, the overflow allows an attacker to execute arbitrary code as root.

Exploits are available against Solaris x86 and Solaris Sparc.