Calendar Manager
CVE 1999-0320
CVE 1999-0696
Impact
A vulnerability in cmsd could allow a remote
attacker to execute arbitrary commands with root privileges.
Background
cmsd is the Calendar Manager Service Daemon,
which is distributed with the Common Desktop Environment (CDE)
and OpenWindows. It manages appointment and resource-scheduling data.
The Problem
Because cmsd performs insufficient bounds checking on input arguments, which may be
supplied by local as well as remote users, it is possible to overwrite the internal stack
space (where a program stores information to be used during its execution) of the
cmsd program while it is executing a specific RPC routine.
By supplying a carefully designed input argument to the cmsd program, intruders may be
able to force cmsd to execute arbitrary commands as the user running cmsd. In most
instances, that user will be root. This vulnerability can be exploited by local
users. It can also be exploited remotely, without the intruder requiring a valid local
account, if cmsd is accessible via the network.
SunOS, Solaris, HP-UX, and SCO UnixWare 7 are known to be vulnerable to this attack.
CVE 1999-0320
In SunOS and Solaris prior to version 2.5.1, there is a second vulnerability
which could allow an attacker to overwrite arbitrary files.
Resolution
This vulnerability can be fixed by applying the appropriate patch.
Check Appendix A of CERT Advisory 99-08 for patch information for your
operating system.
An alternative solution is to simply disable cmsd
if your site does not use the Calendar Manager Service.
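One way to check the "disable cmsd" option is to audit the inetd configuration, shown here as an added example that is not part of the original advisory. It assumes the daemon is started from an inetd.conf-style file as rpc.cmsd or under RPC program number 100068; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): check whether inetd still starts cmsd.
# Assumption: the daemon is launched as "rpc.cmsd" and/or registered under
# RPC program number 100068; verify both for your platform.

# Print uncommented inetd.conf lines that start cmsd.
cmsd_active_entries() {   # $1 = inetd.conf path
    awk '!/^[ \t]*#/ && (/rpc\.cmsd/ || /^[ \t]*100068\//)' "$1"
}

# Number of active cmsd entries; 0 means inetd will not start it.
cmsd_active_count() {
    cmsd_active_entries "$1" | wc -l | tr -d ' '
}

# Write a copy with active cmsd entries commented out, leaving others alone.
cmsd_disable_copy() {     # $1 = source, $2 = destination
    awk '!/^[ \t]*#/ && (/rpc\.cmsd/ || /^[ \t]*100068\//) { print "#" $0; next }
         { print }' "$1" > "$2"
}

# Constructed sample input, modelled on an inetd.conf with RPC entries.
write_sample() {          # $1 = output path
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd       in.ftpd
100068/2-5 dgram rpc/udp wait root /usr/dt/bin/rpc.cmsd rpc.cmsd
#100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd
  100068/2-5 dgram rpc/udp wait root /usr/openwin/bin/rpc.cmsd rpc.cmsd
# rpc.cmsd entry already disabled by a previous admin
EOF
}

# Run the audit on the sample, then on the rewritten copy.
demo() {
    tmp=${TMPDIR:-/tmp}/cmsd_demo.$$
    write_sample "$tmp.conf"
    echo "active before: $(cmsd_active_count "$tmp.conf")"
    cmsd_disable_copy "$tmp.conf" "$tmp.new"
    echo "active after:  $(cmsd_active_count "$tmp.new")"
    rm -f "$tmp.conf" "$tmp.new"
}
demo
```

inetd rereads its configuration only when restarted or sent a hangup signal, and a cmsd process that is already running stays up until it is stopped.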
Where can I read more about this?
You can read more about the buffer overflow vulnerability in
CERT Advisory 99-08. For information on the second vulnerability,
see the X-Force Alert.