From: LSD (contactLSD-PL.NET)
Date: Wed Apr 11 2001 - 22:26:40 CDT


    There exists a buffer overflow vulnerability in the way the
    KCMS_PROFILES environment variable is handled by the kcsSUNWIOsolf.so
    library. When appropriately exploited through the kcms_configure program
    it can lead to a local root compromise on a vulnerable system.

    There also exists a buffer overflow vulnerability in the dtsession
    program in the way it handles the LANG environment variable.

    Proof of concept codes for both vulnerabilities are available
    at our website at the following addresses:

     http://lsd-pl.net/files/get?SOLARIS/solsparc_kcssunwiosolf
     http://lsd-pl.net/files/get?SOLARIS/solx86_kcssunwiosolf
     http://lsd-pl.net/files/get?SOLARIS/solx86_dtsession

    Regards,

    lsd ppl
    http://lsd-pl.net/