Linux SVGAlib buffer overflow

linux-svgalib-bo (3412)

High Risk

Description:

SVGAlib is vulnerable to a buffer overflow caused by improper bounds checking of the HOME environment variable. By setting the HOME environment variable to an overly long value when using any SVGAlib application, a local attacker could overflow a buffer and execute arbitrary code on the system with root privileges.

Platforms Affected:

• RedHat, Linux 4.2
• SCO, Caldera Network Desktop 1.0
• SCO, Caldera OpenLinux Base 1.0
• SCO, Caldera OpenLinux Base 1.1
• SCO, Caldera OpenLinux Lite 1.1
• SCO, Caldera OpenLinux Standard 1.1
• SVGAlib, SVGAlib 1.2.10 and prior

Remedy:

If you are running Red Hat Linux on an Intel platform, upgrade to the latest version of the svgalib package from the Red Hat Updates FTP site. See References.

For Caldera Network Desktop1.0, OpenLinux Base 1.0 and 1.1, OpenLinux Lite 1.1 and OpenLinux Standard 1.1:
Upgrade to the latest svgalib package (1.2.11-1 or later) as listed in Caldera Systems, Inc. Security Advisory SA-1997.32. See References.

Consequences:

Gain Privileges

References:

• Caldera International, Inc. Security Advisory SA-1997.32, Vulnerability in svgalib 1.2.10 which can be exploited with zgv. at ftp://ftp.caldera.com/pub/security/OpenLinux/SA-1997.32.txt.
• KSR[T] Security Advisory #001, svgalib 1.2.10 and below do not properly revoke privilege. at http://archives.neohapsis.com/archives/bugtraq/1997_2/0521.html.
• Red Hat Errata Archives, Red Hat Linux 4.2 General Errata at https://www.redhat.com/support/errata/archives/rh42-errata-general.html.
• Red Hat Linux 4.2 General Errata, svgalib at http://www.redhat.com/support/errata/archives/rh42-errata-general.html#svgalib.
• SVGAlib Web site, Welcome to SVGAlib at http://www.svgalib.org/.
• CVE-1999-1483: Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local users to execute arbitrary code via a long HOME environment variable.

Reported:

Jun 27, 1997

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page