dtprintinfo included with IBM AIX is a program for opening the CDE Print Manager window. This program is normally installed as SUID root.
Exploitation of a buffer overflow in the Common Desktop Environment (CDE) dtprintinfo application allows an attacker to gain root privileges.
The buffer overflow occurs because of insufficient bounds checking in the Volume search field found under the Help menu that appears when dtprintinfo executes. An attacker can supply a string of arbitrary length into the "Entries with" field.
Passing random characters through an overflowed buffer typically results in a crash. Passing structured characters through an overflowed buffer may result in the execution of the code on the operating system.
An attacker may code the string to either crash the application and underlying OS or execute code on the underlying OS with root privileges.
iDEFENSE has proof of concept exploit code demonstrating the impact of this vulnerability.
IMB Corp.'s AIX 4.3, 4.3.1, 4.3.2 and 4.3.3 are affected.
IBM has released patch APAR IY21539 to address this issue.
A Mitre Corp. Common Vulnerabilities and Exposures (CVE) number CAN-2001-0551 has been assigned to this issue.
01/05/2003 Exploit acquired by iDEFENSE
01/10/2003 Initial vendor notification
01/21/2003 iDEFENSE Clients notified
01/29/2003 Public Disclosure
Euan Briggs is credited with this discovery.
Get paid for vulnerability research
Copyright © 2004 Verisign, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDEFENSE. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email email@example.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,