CVE-2003-0834
Published 2003-12-01
Priority: P4 · 25 · Severity: high · CVSS 2.0 base score: 7.2
CVSS 2.0 vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Exploit: public exploit code available (Exploit-DB entries listed below)
EPSS: 1.22% (64.9th percentile)
Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via (1) a modified DTHELPUSERSEARCHPATH environment variable and the Help feature, (2) DTSEARCHPATH, or (3) LOGNAME.
Affected (3 ranges; no version range or fixed version is recorded for this entry)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sco | open_unix | — | — |
| sco | unixware | — | — |
| sco | unixware | — | — |
No detection rules found.
Exploit-DB: Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow (2)
exploitdb · 2004-12-24 · CVE-2003-0834
---
```c
/*
 * $Id: raptor_libdthelp2.c,v 1.1 2004/12/04 14:44:38 raptor Exp $
 *
 * raptor_libdthelp2.c - libDtHelp.so local, Solaris/SPARC 7/8/9
 * Copyright (c) 2003-2004 Marco Ivaldi
 *
 * Buffer overflow in CDE libDtHelp library allows local users to execute
 * arbitrary code via a modified DTHELPUSERSEARCHPATH environment variable
 * and the Help feature (CAN-2003-0834).
 *
 * "Stay with non exec, it keeps you honest" -- Dave Aitel (0dd)
 *
 * Possible attack vectors are: DTHELPSEARCHPATH (as used in this exploit),
 * DTHELPUSERSEARCHPATH, LOGNAME (those two require a slightly different
 * exploitation technique, due to different code paths).
 *
 * This is the ret-into-ld.so version of raptor_libdthelp.c, able to bypass
 * the non-executable stack
```
Exploit-DB: Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow (1)
exploitdb · 2004-12-24 · CVE-2003-0834
---
```c
/*
 * $Id: raptor_libdthelp.c,v 1.1 2004/12/04 14:44:38 raptor Exp $
 *
 * raptor_libdthelp.c - libDtHelp.so local, Solaris/SPARC 7/8/9
 * Copyright (c) 2003-2004 Marco Ivaldi
 *
 * Buffer overflow in CDE libDtHelp library allows local users to execute
 * arbitrary code via a modified DTHELPUSERSEARCHPATH environment variable
 * and the Help feature (CAN-2003-0834).
 *
 * Possible attack vectors are: DTHELPSEARCHPATH (as used in this exploit),
 * DTHELPUSERSEARCHPATH, LOGNAME (those two require a slightly different
 * exploitation technique, due to different code paths).
 *
 * Usage:
 * $ gcc raptor_libdthelp.c -o raptor_libdthelp -Wall
 * [on your xserver: disable the access control]
 * $ ./raptor_libdthelp 192.168.1.1:0
 * [on your xserver: ent
```
No writeups or analysis indexed.
References:
- ftp://patches.sgi.com/support/free/security/advisories/20040801-01-P
- http://archives.neohapsis.com/archives/hp/2003-q4/0047.html
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57414
- http://www.idefense.com/application/poi/display?id=134&type=vulnerabilities&flashstatus=false
- http://www.kb.cert.org/vuls/id/575804
- http://www.securityfocus.com/bid/8973
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5141