vendor:
Solaris
by:
riley@eeye.com
7.2
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: Solaris
Affected Version From: Solaris 7 (x86)
Affected Version To: Solaris 7 (x86)
Patch Exists: YES
Related CWE: N/A
CPE: o:sun:solaris:7
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Solaris 7 (x86)
2001
Solaris 7 (x86) /usr/openwin/bin/Xsun HOME environment overflow
The X11 server that ships with Sun Microsystems' Solaris, Xsun, contains a locally exploitable buffer overflow vulnerability. The condition is present when the value of the HOME environment variable is of excessive length (more than 1050 bytes long). An attacker may exploit this vulnerability to execute arbitrary code with effective group 'root' privileges.
Mitigation:
The user should ensure that the value of the HOME environment variable is not of excessive length.