Sun CDE打印浏览中的dtprintinfo(1)函数漏洞

yirui

存在问题：CDE打印浏览程序提供一种图形界面，此界面可以以图形方式显示打印队列和打印任务以及其它信息。在CDE打印浏览程序中的dtprintinfo(1)函数存在攻击者执行任意代码或命令的漏洞。\n\n操作系统：Sun Sparc和x86操作平台运行的Solaris 2.6, 7, 8,和 9.\n\nSPARC 操作系统 \nSolaris 2.6 without patch 106437-04 \nSolaris 7 without patch 107885-09 \nSolaris 8 without patch 110335-03 \nSolaris 9 without patch 114495-01 \nx86 操作系统 \nSolaris 2.6 without patch 106438-04 \nSolaris 7 without patch 107886-09 \nSolaris 8 without patch 110336-03 \nSolaris 9 without patch 114496-01 \n\n危害：以系统权限运行CDE打印浏览。本地用户能够运用系统权限执行任意代码。\n\n解决方案：用户可以从以下地址下载相应补丁并安装。\n\nSPARC 操作系统 \nSolaris 2.6 with patch 106437-04 or later \nhttp://sunsolve.sun.com/pub-cgi/ ... d=106437&rev=04\nSolaris 7 with patch 107885-09 or later \nhttp://sunsolve.sun.com/pub-cgi/ ... d=107885&rev=09\nSolaris 8 with patch 110335-03 or later\nhttp://sunsolve.sun.com/pub-cgi/ ... d=110335&rev=03 \nSolaris 9 with patch 114495-01 or later \nhttp://sunsolve.sun.com/pub-cgi/ ... d=114495&rev=01\n\nx86 操作系统\nSolaris 2.6 with patch 106438-04 or later\nhttp://sunsolve.sun.com/pub-cgi/ ... d=106438&rev=04 \nSolaris 7 with patch 107886-09 or later \nhttp://sunsolve.sun.com/pub-cgi/ ... d=107886&rev=09\nSolaris 8 with patch 110336-03 or later \nhttp://sunsolve.sun.com/pub-cgi/ ... d=110336&rev=03\nSolaris 9 with patch 114496-01 or later \nhttp://sunsolve.sun.com/pub-cgi/ ... d=114496&rev=01