Common Desktop Environment dtlogin utility double-free

cde-dtlogin-double-free (15581)

High Risk

Description:

The Common Desktop Environment (CDE) dtlogin utility is used to log into a CDE session. The CDE dtlogin utility has a double-free vulnerability in the X Display Manager Control Protocol (XDMCP). By sending a specially-crafted XDMCP packet to a vulnerable system, a remote attacker could obtain sensitive information, cause a denial of service or execute arbitrary code on the system.

Platforms Affected:

• Avaya, Call Management System
• Avaya, Interactive Response
• Open Group, Common Desktop Environment (CDE) 5.3.3
• Open Group, Common Desktop Environment (CDE)
• SCO, SCO UnixWare 7.1.1
• SCO, SCO UnixWare 7.1.3
• SCO, SCO UnixWare 7.1.4
• Sun, Solaris 7.0
• Sun, Solaris 8
• Sun, Solaris 9

Remedy:

Apply the appropriate patch for your system, as listed below. Refer to Sun Alert ID: 57539 for more information. See References.

SPARC Platform:
Solaris 7: 107180-31 or later
Solaris 8: 108919-21 or later
Solaris 9: 112807-09 or later

x86 Platform:
Solaris 7: 107181-31 or later
Solaris 8: 108920-21 or later
Solaris 9: 114210-08 or later

For SGI IRIX:
Apply the appropriate patch for your system, as listed in SGI Security Advisory 20040801-01-P. See References.

For SCO UnixWare 7.1.1:
Upgrade to the appropriate fixed binaries, as listed in SCO Security Advisory SCOSA-2005.18. See References.

For SCO UnixWare 7.1.3:
Upgrade to the appropriate fixed binaries, as listed in SCO Security Advisory SCOSA-2005.18. See References.

For SCO UnixWare 7.1.4:
Upgrade to the appropriate fixed binaries, as listed in SCO Security Advisory SCOSA-2005.18. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Access

References:

• BugTraq Mailing List, Tue Mar 23 2004 - 14:40:49 CST, Immunity Advisory: dtlogin remote root at http://archives.neohapsis.com/archives/bugtraq/2004-03/0229.html.
• CIAC INFORMATION BULLETIN P-258, Security Vulnerability Involving the Common Desktop Environment (CDE) dtlogin(1X) Command at http://www.ciac.org/ciac/bulletins/p-258.shtml.
• CIAC Information Bulletin O-129, Common Desktop Environment (CDE) dtlogin XDMCP parser Vulnerability at http://www.ciac.org/ciac/bulletins/o-129.shtml.
• CIAC Information Bulletin O-142, Hewlett Packaged HP-UX dtlogin Vulnerability at http://www.ciac.org/ciac/bulletins/o-142.shtml.
• SCO Security Advisory SCOSA-2005.18, UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : CDE dtlogin unspecified double free at ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.18/SCOSA-2005.18.txt.
• Sun Alert ID: 57539, dtlogin(1X) May Terminate Unexpectedly on Invalid XDMCP Packets (CERT VU#179804) at http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57539&zone_32=security.
• VulnWatch Mailing List, Tue Mar 23 2004 - 14:27:07 CST, how much fun can you have with UDP? at http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0064.html.
• BID-9958: Common Desktop Environment DTLogin XDMCP Parser Remote Double Free Vulnerability
• CVE-2004-0368: Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet.
• SA11210: Common Desktop Environment dtlogin XDMCP Parsing Vulnerability
• SA11214: Sun Solaris CDE dtlogin XDMCP Parsing Vulnerability
• SA11495: AIX dtlogin XDMCP Parsing Vulnerability
• SA11614: HP-UX dtlogin XDMCP Parsing Vulnerability
• US-CERT VU#179804: Common Desktop Environment (CDE) dtlogin XDMCP parser improperly deallocates memory

Reported:

Mar 23, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page