CVE
- Id
- 798
- CVE No.
- CVE-1999-0818
- Status
- Candidate
- Description
- Buffer overflow in Solaris kcms_configure via a long NETPATH environmental variable.
- Phase
- Proposed (19991208)
- Votes
- ACCEPT(2) Armstrong, Stracener | MODIFY(4) Cole, Dik, Frech, Prosser | NOOP(1) Baker | REVIEWING(1) Christey
- Comments
- Cole> This can cause code to be executed. | Frech> XF:sol-kcms-conf-netpath-bo | Dik> the bug has nothing to do with kcms_configure; it"s a bug | in libnsl.so. All set-uid executables that trigger this code path are | vulnerable. Sun bug 4295834; fixed in Solaris 8. | Prosser> Okay, I am confused. Based on Casper"s comments and checking | on the Sun patch site, I found the 4295834 bug(4295834 NETPATH security | problem in libnsl) fixed in SunOS 5.4, Patch 101974-37(x86) 101973 (sparc). | Multiple libnsl vulnerabilities was first reported in an 98 Sun Bulletin | #00172 for 5.4 up through 2.6. Was this NETPATH a problem that resurfaced | in 7 (looks like in 5.4 as well) and was fixed in 8? | Christey> Need to dig up my offline email on this. | Christey> May be a duplicate of CVE-1999-0321, whose sole reference | (XF:sun-kcms-configure-bo) no longer exists. Also examine | BID:452 and | BUGTRAQ:19981223 Merry Christmas to Sun! (Was: L0pht NFR N-Code | Modules Updated) | | which are the same as XF:sol-kcms-conf-p-bo(3652), which could | be the new name for XF:sun-kcms-configure-bo.
