CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
9.6%
A vulnerability in the way dtmail
handles command-line arguments could allow an attacker to execute arbitrary code.
The dtmail
program is a mail user agent (MUA) for the Common Desktop Environment (CDE). It provides a graphical user interface for reading, sending, and managing email. There is a vulnerability in the way Sun Solaris dtmail
handles command-line arguments. By supplying a specially crafted argv[0]
value containing a format string specifier, a local user could execute arbitrary code with privileges of the vulnerable process.
A local user could execute arbitrary code with privileges of the vulnerable process, typically group mail
. With these privileges, the user would have the ability to read, modify, and delete email of other users.
Apply patch
Sun has issued an advisory which addresses this issue. For more information on patches available for your system, please refer to Sun Security Alert 57627.
Remove set-group-ID bit
Remove the the “set-group-ID” bit from dtmail by doing the following:
chmod 0555 /usr/dt/bin/dtmail
Note: This may cause users to be unable to read NFS mounted mailboxes.
928598
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: May 16, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Avaya has published Avaya Security Advisory ASA-2005-110 in response to this issue. Users of the Avaya Call Management System (CMS) and Interactive Reponse (IR) products are encouraged to review this bulletin and apply the patches and workarounds it refers to.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23928598 Feedback>).
Updated: August 25, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please refer to Sun Security Alert 57627.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23928598 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was reported by iDEFENSE Labs.
This document was written by Damon Morda.
CVE IDs: | CVE-2004-0800 |
---|---|
Severity Metric: | 5.63 Date Public: |