CVE
- Id
- 747
- CVE No.
- CVE-1999-0767
- Status
- Candidate
- Description
- Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.
- Phase
- Proposed (19991214)
- Votes
- ACCEPT(4) Baker, Blake, Cole, Dik | MODIFY(2) Frech, Stracener | REVIEWING(2) Christey, Prosser
- Comments
- Stracener> Add Ref: CIAC: J-069 | Frech> XF:sun-libc-lcmessages | Prosser> BID 268 is an additional reference for this one as it has info on the Sun | vulnerability. However, BID 268 also includes AIX in this vulnerability and | refs APARS issued to fix a vulnerability in various "nixs with the Natural | Language Service environmental variables NSLPATH and PATH_LOCALE depending | on the "nix, ref CERT CA-97.10, CVE-1999-0041. However, Georgi Guninski | reported a BO in AIX with LC_MESSAGES + mount, also refed in BID 268, so it | is possible the AIX APARs fix an earlier, similar vulnerability to the Sun | BO in LC_MESSAGES. This should probably be considered under a different | CAN. Any ideas? | Christey> Given that the buffer overflows in CVE-1999-0041 are NLSPATH | and PATH_LOCALE, I"d say that"s good evidence that this is not | the same problem. But a buffer overflow in libc in | LC_MESSAGES... We must ask if these are basically the same | codebase. | | ADDREF CIAC:J-069 | Christey> While the description indicates multiple programs, CD:SF-EXEC | does not apply because the vulnerability was in libc, and | rcp and ufsrestore were both statically linked against libc. | Thus CD:SF-LOC applies, and a single candidate is maintained | because the problem occurred in a library. | Dik> Sun bug 4240566 | Christey> I"m consulting with Casper Dik and Troy Bollinger to see if | this should be combined with the AIX buffer overflows for | LC_MESSAGES; current indications are that they should be | split. | Christey> For further consultation, consider this post, though it"s | associated with CVE-1999-0041: | BUGTRAQ:19970213 Linux NLSPATH buffer overflow | http://www.securityfocus.com/archive/1/6296 | Also add "NLSPATH" and "PATH_LOCALE" to the description to | facilitate search.
