IRIX dmplay Buffer Overflow Vulnerability

Bugtraq ID:	1528
Class:	Boundary Condition Error
CVE:
Remote:	No
Local:	Yes
Published:	Aug 02 2000 12:00AM
Updated:	Aug 02 2000 12:00AM
Credit:	This vulnerability was posted to the Bugtraq mailing list by LSD <[email protected]> (Last Stages of Delirium) on August 2, 2000.
Vulnerable:	SGI IRIX 6.3 SGI IRIX 6.2
Not Vulnerable:	SGI IRIX 6.5.8 SGI IRIX 6.5.7 SGI IRIX 6.5.6 SGI IRIX 6.5.4 SGI IRIX 6.5.3 m SGI IRIX 6.5.3 f SGI IRIX 6.5.3 SGI IRIX 6.5.2 m SGI IRIX 6.5.1 SGI IRIX 6.5 SGI IRIX 6.4

IRIX dmplay Buffer Overflow Vulnerability

Certain versions of IRIX ship with a version of dmplay which is vulnerable to a buffer overflow attack. The program, dmplay, is used to play movie files under IRIX. The problem at hand is the way the program handles the DISPLAY variable for the users X terminal. It does not check bounds and therefore is vulnerable to attack by an overly long user supplied string.

IRIX dmplay Buffer Overflow Vulnerability

x

• /data/vulnerabilities/exploits/dmplay.c

IRIX dmplay Buffer Overflow Vulnerability

Solution:
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

IRIX dmplay Buffer Overflow Vulnerability

References:

• LSD Home Page (LSD)
  
• SGI Support (Silicon Graphics Inc.)
  
• Welcome to SGI (Silicon Graphics Inc.)