Multiple Vendor CDE dtaction Userflag Buffer Overflow Vulnerability

CDE is the Common Desktop Environment, an implementation of a Desktop Manager for systems that run X. It is distributed with various commercial UNIX implementations.

In some CDE distributions, the dtaction program contains a locally exploitable buffer overflow. The overflow is in the argument-parsing code for the -u (user) option: any user-supplied argument longer than 1024 bytes overwrites the buffer and can be exploited by a malicious local user.

Since the dtaction program is typically installed setuid root, this makes it possible for a local user to gain administrative access on a vulnerable system.
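The advisory does not show dtaction's source, so the following is an added illustration (not CDE's code) of the defect class it describes: a command-line argument copied into a fixed 1024-byte buffer without a length check, beside the bounds-checked form a maintainer would use instead. The function names, the USER_BUF_SIZE constant and the constructed test arguments are assumptions; only the 1024-byte figure comes from the advisory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed constant: the advisory says input over 1024 bytes overruns the
   buffer, so the illustration uses a 1024-byte destination. */
#define USER_BUF_SIZE 1024

/*
 * Vulnerable pattern (illustration only, not dtaction's source). The -u
 * argument is copied into a fixed-size stack buffer with no length check,
 * so any argument of USER_BUF_SIZE bytes or more (which, with its NUL
 * terminator, no longer fits) writes past the end of the buffer. It is
 * shown for contrast and is never called below: running it on an over-long
 * argument is undefined behaviour.
 */
void unsafe_copy_user_flag(const char *arg)
{
    char user[USER_BUF_SIZE];
    strcpy(user, arg);          /* no bound: the defect class described */
    (void)user;
}

/*
 * Hardened form: measure first, refuse anything that does not fit together
 * with its terminating NUL, and only then copy. Returns 0 on success, -1 if
 * the argument is missing or too long. Refusing (rather than silently
 * truncating) keeps the user name the program acts on identical to the one
 * the caller supplied, which matters for a setuid program.
 */
int parse_user_flag(const char *arg, char *out, size_t out_size)
{
    size_t len;

    if (arg == NULL || out == NULL || out_size == 0)
        return -1;
    len = strlen(arg);
    if (len >= out_size)        /* out_size - 1 is the longest that fits */
        return -1;
    memcpy(out, arg, len + 1);  /* includes the NUL terminator */
    return 0;
}

/* Builds a constructed test argument of n 'A' bytes (caller frees). */
char *make_long_arg(size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL)
        return NULL;
    memset(s, 'A', n);
    s[n] = '\0';
    return s;
}

int main(void)
{
    char user[USER_BUF_SIZE];
    char *fits = make_long_arg(USER_BUF_SIZE - 1);  /* 1023 bytes + NUL: fits */
    char *big  = make_long_arg(USER_BUF_SIZE);      /* 1024 bytes + NUL: one too many */

    if (parse_user_flag("nobody", user, sizeof user) == 0)
        printf("accepted: %s\n", user);
    if (fits != NULL && parse_user_flag(fits, user, sizeof user) == 0)
        printf("accepted: %zu-byte -u argument\n", strlen(user));
    if (big != NULL && parse_user_flag(big, user, sizeof user) != 0)
        printf("rejected: %zu-byte -u argument does not fit in %d bytes\n",
               strlen(big), USER_BUF_SIZE);
    free(fits);
    free(big);
    return 0;
}
```

The boundary case is the one worth checking: a 1023-byte argument is the longest the hardened parser accepts, while 1024 bytes is rejected because the terminator would be the 1025th byte. A code review of any setuid argument parser should look for exactly this `strlen`-then-compare step before the copy.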


Copyright 2010, SecurityFocus