IRIX dmplay DISPLAY String Local Overflow

2000-08-02T00:00:00
ID OSVDB:1484
Type osvdb
Reporter Last Stage of Delirium Research Group(contact@lsd-pl.net)
Modified 2000-08-02T00:00:00

Description

Vulnerability Description

A local overflow exists in IRIX. The dmplay program fails to check bounds on strings passed to the DISPLAY variable via the command line, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code as root, resulting in a loss of integrity.

Solution Description

Upgrade to version 6.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A local overflow exists in IRIX. The dmplay program fails to check bounds on strings passed to the DISPLAY variable via the command line, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code as root, resulting in a loss of integrity.

References:

Vendor URL: http://www.sgi.com Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-07/0461.html ISS X-Force ID: 5064 Generic Exploit URL: http://downloads.securityfocus.com/vulnerabilities/exploits/dmplay.c CVE-2000-0796 Bugtraq ID: 1528