
AIX dtprintinfo buffer overflow Vulnerability

01.29.03

BACKGROUND

dtprintinfo, included with IBM AIX, is the program that opens the CDE Print Manager window. It is normally installed set-user-ID (SUID) root, so it runs with root privileges regardless of which user starts it.

DESCRIPTION

Exploitation of a buffer overflow in the Common Desktop Environment (CDE) dtprintinfo application allows a local attacker to gain root privileges.

The overflow is caused by insufficient bounds checking on the volume search field reached through the Help menu of the dtprintinfo window. The "Entries with" field accepts a string of arbitrary length, which is then copied into a fixed-size buffer without a length check.

Overflowing the buffer with unstructured data typically just crashes the application. Overflowing it with a carefully structured string can instead redirect the program's execution into attacker-supplied code, which then runs with the privileges of the SUID root process.
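The coding pattern the advisory describes, shown here as an added illustration rather than dtprintinfo's actual source: an unbounded copy of a field value into a fixed-size buffer beside a hardened version that rejects over-long input instead of writing past the end. The buffer size FIELD_MAX, the function names and the sample field values are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>
#include <stddef.h>

/* Assumed size of the field buffer; the real value in dtprintinfo is not
 * given by the advisory and does not matter for the pattern. */
#define FIELD_MAX 256

/* Vulnerable pattern (for contrast only; do not call with untrusted data).
 * strcpy copies until it finds a NUL, so a field value longer than
 * FIELD_MAX-1 bytes overwrites whatever follows buf on the stack.
 * Every normal search term fits, which is why the missing check survives
 * ordinary testing. */
void search_field_unsafe(const char *field_value)
{
    char buf[FIELD_MAX];
    strcpy(buf, field_value);   /* no bounds check: the bug */
    printf("searching for \"%s\"\n", buf);
}

/* Hardened pattern: never read or write beyond out_size bytes, and refuse
 * (rather than silently truncate) anything that does not fit, so the caller
 * can report the error. Returns true and fills out on success; on failure
 * returns false and leaves out untouched. */
bool search_field_safe(const char *field_value, char *out, size_t out_size)
{
    if (field_value == NULL || out == NULL || out_size == 0)
        return false;

    /* memchr stops after out_size bytes, so an unterminated or over-long
     * value is detected without scanning past the limit. */
    const char *nul = memchr(field_value, '\0', out_size);
    if (nul == NULL)
        return false;           /* no terminator within out_size: too long */

    size_t len = (size_t)(nul - field_value);
    memcpy(out, field_value, len + 1);   /* len + 1 <= out_size by construction */
    return true;
}

/* Test helper: fill dst with n-1 copies of c followed by a NUL, standing in
 * for an attacker-chosen field value of a given length. */
void fill_field(char *dst, size_t n, char c)
{
    if (n == 0)
        return;
    memset(dst, c, n - 1);
    dst[n - 1] = '\0';
}

int main(void)
{
    char out[FIELD_MAX];
    char overlong[FIELD_MAX * 4];

    /* A normal search term is accepted by both versions. */
    search_field_unsafe("laser");
    printf("safe, short : %d\n", search_field_safe("laser", out, sizeof out));

    /* An over-long value is rejected by the hardened version; the unsafe
     * version would corrupt the stack here, so it is deliberately not run. */
    fill_field(overlong, sizeof overlong, 'A');
    printf("safe, long  : %d\n", search_field_safe(overlong, out, sizeof out));
    return 0;
}
```

The boundary worth checking is exactly FIELD_MAX-1 characters: that fits (with its NUL) and must be accepted, while FIELD_MAX characters must be refused, since truncating to fit would change what the user asked for.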

ANALYSIS

An attacker may craft the string either to crash dtprintinfo (a local denial of service against the CDE session) or to execute arbitrary code on the underlying OS with root privileges, since the process is SUID root.

iDEFENSE has proof of concept exploit code demonstrating the impact of this vulnerability.

DETECTION

IBM Corp.'s AIX 4.3, 4.3.1, 4.3.2 and 4.3.3 are affected.

VENDOR RESPONSE

IBM has released patch APAR IY21539 to address this issue.

CVE INFORMATION

A Mitre Corp. Common Vulnerabilities and Exposures (CVE) number CAN-2001-0551 has been assigned to this issue.

DISCLOSURE TIMELINE

01/05/2003   Exploit acquired by iDEFENSE
01/10/2003   Initial vendor notification
01/21/2003   iDEFENSE Clients notified
01/29/2003   Public Disclosure

CREDIT

Euan Briggs is credited with this discovery.

Get paid for vulnerability research
http://www.idefense.com/poi/teams/vcp.jsp

LEGAL NOTICES

Copyright © 2004 Verisign, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDEFENSE. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.