{"vuid":"VU#860296","idnumber":"860296","name":"CDE dtprintinfo contains local buffer overflow in Help window via clipboard copy","keywords":["Sun","Solaris","CDE","dtprintinfo","libDtHelp","libDtSvc"],"overview":"The CDE Print Viewer program dtprintinfo provides a graphical interface display the status of print queues and print jobs. By using the clipboard to overflow the search field in the Help window of dtprintinfo, a local attacker can execute arbitrary code on the system as root.","clean_desc":"There is a buffer overflow in the graphical program used to view print job status in CDE-aware desktop environments. Since dtprintinfo is commonly set to be setuid root, this defect could allow a local attacker to execute arbitrary code as root.","impact":"A user with local access can execute arbitrary code with root privileges.","resolution":"Apply a patch from your vendor. Sun patches: 108949-04: CDE 1.4: libDtHelp/libDtSvc patch\n108950-04: CDE 1.4_x86: litDtHelp/libDtSvc patch Please see other vendor statements for additional patch information.","workarounds":"<H4> Workaround</H4>\nDisable dtprintinfo or 'chmod -s' the binary.","sysaffected":"","thanks":"The CERT/CC thanks Kevin Kotas of Ernst & Young's eSecurityOnline for reporting this vulnerability to us and to affected vendors.","author":"This document was written by Jeffrey S. Havrilla.","public":["http://www.opengroup.org/cde/","  http://www.opengroup.org/desktop/faq/","http://www.eSecurityOnline.com/advisories/eSO2406.asp","http://www.iss.net/security_center/static/8034.php"],"cveids":["CVE-2001-0551"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-02-22T18:30:34Z","publicdate":"2001-08-17T00:00:00Z","datefirstpublished":"2001-12-20T18:59:36Z","dateupdated":"2002-04-30T18:42:14Z","revision":15,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"8","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"10","cam_impact":"20","cam_easeofexploitation":"10","cam_attackeraccessrequired":"10","cam_scorecurrent":"6.75","cam_scorecurrentwidelyknown":"11.25","cam_scorecurrentwidelyknownexploited":"18.75","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":6.75,"vulnote":null}