AOH :: SunOS/Solaris

AOH :: SunOS/Solaris :: KCMS4.HTM
Solaris kcsSUNWIOsolf.so Buffer Overflow

Vulnerability

    kcsSUNWIOsolf.so

Affected

    Solaris

Description

    LSD found following.  There exists a buffer overflow vulnerability
    in the way  the KCMS_PROFILES environment  variable is handled  by
    the  kcsSUNWIOsolf.so  library.    When  appropriately   exploited
    through  a  kcms_configure  program  it  can  lead to a local root
    compromise on a vulnerable system.

    There also exists a  buffer overflow vulnerability in  a dtsession
    program in a way it handles LANG environment variable.

    Proof  of  concept  codes  for  both  vulnerabilites are avaialble
    at our website at the following addresses:

        http://lsd-pl.net/files/get?SOLARIS/solsparc_kcssunwiosolf
        http://lsd-pl.net/files/get?SOLARIS/solx86_kcssunwiosolf
        http://lsd-pl.net/files/get?SOLARIS/solx86_dtsession

Solution

    Nothing yet.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.