Sun Solaris dbm_open and dbminit database functions buffer overflow
X-Force ID: sun-database-functions-bo (12379)
Description:
Sun Solaris is vulnerable to a buffer overflow in the dbm_open and dbminit database functions. dbm_open is present in the C library libc and is used in the Solaris privileged program Xsun(1). A local attacker could exploit this vulnerability to gain unauthorized root access to the system.
Consequences:
Gain Access
Remedy:
Apply the appropriate patch for your system, as listed below. Refer to Sun Alert ID: 55420 for more information. See References.
SPARC:
Solaris 2.6: 105210-47, 105377-06, and 105401-43 or later
Solaris 7: 106541-22, 106942-26, and 106949-03 or later
Solaris 8: 108827-24, 108993-16, and 109152-02 or later
Solaris 9: 112874-01, 112922-02, 113319-10, 114569-02, and 114571-01 or later
x86:
Solaris 2.6: 105211-49 and 105402-435 or later
Solaris 7: 106542-22 and 106943-26 or later
Solaris 8: 108828-5, 108994-16, and 114617-01 or later
Solaris 9: 113719-03, 114570-01, and 114715-01 or later
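Verifying the remedy: the following POSIX sh check is an added example, not part of the X-Force record or of Sun's own tooling. It compares the patch revisions a host reports against the Solaris 8 SPARC minimums listed above and applies the "or later" rule by comparing revision numbers numerically (a host at 108827-25 satisfies a requirement of 108827-24, but 108827-20 does not). The showrev -p output it parses is constructed for the example; on a real host the text would come from running `showrev -p`.

```shell
#!/bin/sh
# Added example (not from the advisory): check installed Solaris patch
# revisions against the Remedy section's minimums for Solaris 8 SPARC.

# Constructed sample of `showrev -p` output. On a real host replace with:
#   SAMPLE_SHOWREV=$(showrev -p)
SAMPLE_SHOWREV='Patch: 108827-20 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 108993-16 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 109152-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWxwplt
Patch: 111111-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWfoo'

# Minimum patch revisions from the Remedy section (Solaris 8, SPARC).
REQUIRED_SOL8_SPARC="108827-24 108993-16 109152-02"

# installed_rev BASE SHOWREV_TEXT
# Prints the highest installed revision of patch BASE, or -1 if absent.
installed_rev() {
  base=$1
  printf '%s\n' "$2" | {
    best=-1
    while read -r tag id rest; do
      [ "$tag" = "Patch:" ] || continue
      case $id in
        "$base"-*)
          rev=${id#*-}
          rev=${rev#0}          # drop a leading zero so "02" compares as 2
          if [ "$rev" -gt "$best" ]; then best=$rev; fi
          ;;
      esac
    done
    echo "$best"
  }
}

# check_patches "BASE-MINREV ..." SHOWREV_TEXT
# Prints OK / OUTDATED / MISSING per required patch.
# Returns 0 when every requirement is met, 1 otherwise.
check_patches() {
  status=0
  for req in $1; do
    base=${req%-*}
    minrev=${req#*-}
    have=$(installed_rev "$base" "$2")
    if [ "$have" -lt 0 ]; then
      echo "MISSING  $req"
      status=1
    elif [ "$have" -lt "$minrev" ]; then
      # "or later": any revision >= the listed one is acceptable
      echo "OUTDATED $req (installed $base-$have)"
      status=1
    else
      echo "OK       $req (installed $base-$have)"
    fi
  done
  return $status
}

check_patches "$REQUIRED_SOL8_SPARC" "$SAMPLE_SHOWREV" \
  || echo "Host does not meet the required patch levels"
```

With the constructed input the check reports 108827-24 as OUTDATED (only revision 20 is installed) and the other two as OK, so the overall result is a failure; swap in the matching list above for other Solaris releases or for x86.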
References:
- CIAC Information Bulletin N-108: Sun's XSun Program Buffer Overflow Vulnerability.
- Sun Alert ID: 55420: A Buffer Overflow Vulnerability in the dbm_open (ndbm(3C) and dbm(3UCB)) and dbminit(3UCB) Database Functions May Allow Unauthorized Root Privileges.
- BID-7991: Multiple Sun Database Functions Buffer Overflow Vulnerabilities
- CVE-2003-1067: Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions.
- SA9088: Sun Solaris Database Function Privilege Escalation Vulnerabilities
Platforms Affected:
- Sun Solaris 2.6
- Sun Solaris 7.0
- Sun Solaris 8
- Sun Solaris 9
Reported:
Jun 19, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.