vendor:
Kodak Color Management System
by:
Riley Hassell
7.2
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: Kodak Color Management System
Affected Version From: Solaris 7 and 8
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: x86 Solaris
2002
Kodak Color Management System Buffer Overflow
The Kodak Color Management System, or KCMS, is a package that ships with workstation installations of Solaris 7 and 8. kcms_configure, a part of KCMS, is vulnerable to a buffer overflow if it is passed an overly long string on the command-line by a local user. kcms_configure is installed setuid root, so a buffer overflow can lead to arbitrary code execution as root. An exploit for x86 Solaris is available to attackers.
Mitigation:
Upgrade to the latest version of the Kodak Color Management System.