COMMAND

    kcsSUNWIOsolf.so

SYSTEMS AFFECTED

    Solaris

PROBLEM

    LSD found the following.  There exists a buffer overflow
    vulnerability in the way the KCMS_PROFILES environment variable is
    handled by the kcsSUNWIOsolf.so library.  When appropriately
    exploited through the kcms_configure program, it can lead to a
    local root compromise on a vulnerable system.

    There also exists a buffer overflow vulnerability in the dtsession
    program in the way it handles the LANG environment variable.

    Proof of concept code for both vulnerabilities is available on
    our website at the following addresses:

        http://lsd-pl.net/files/get?SOLARIS/solsparc_kcssunwiosolf
        http://lsd-pl.net/files/get?SOLARIS/solx86_kcssunwiosolf
        http://lsd-pl.net/files/get?SOLARIS/solx86_dtsession

SOLUTION

    Nothing yet.