• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
  • SUN:00189
Date Entry Created
19991125 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (19991214)
Votes (Legacy)
ACCEPT(4) Baker, Blake, Cole, Dik
MODIFY(2) Frech, Stracener
REVIEWING(2) Christey, Prosser
Comments (Legacy)
 Stracener> Add Ref: CIAC: J-069
 Frech> XF:sun-libc-lcmessages
 Prosser> BID 268 is an additional reference for this one as it has info on the Sun
   vulnerability.  However, BID 268 also includes AIX in this vulnerability and
   refs APARS issued to fix a vulnerability in various 'nixs with the Natural
   Language Service environmental variables NSLPATH and PATH_LOCALE depending
   on the 'nix, ref CERT CA-97.10, CVE-1999-0041.  However, Georgi Guninski
   reported a BO in AIX with LC_MESSAGES + mount, also refed in BID 268, so it
   is possible the AIX APARs fix an earlier, similar vulnerability to the Sun
   BO in LC_MESSAGES.   This should probably be considered under a different
   CAN.  Any ideas? 
 Christey> Given that the buffer overflows in CVE-1999-0041 are NLSPATH
   and PATH_LOCALE, I'd say that's good evidence that this is not
   the same problem.  But a buffer overflow in libc in
   LC_MESSAGES... We must ask if these are basically the same
 Christey> While the description indicates multiple programs, CD:SF-EXEC
   does not apply because the vulnerability was in libc, and
   rcp and ufsrestore were both statically linked against libc.
   Thus CD:SF-LOC applies, and a single candidate is maintained
   because the problem occurred in a library.
 Dik> Sun bug 4240566
 Christey> I'm consulting with Casper Dik and Troy Bollinger to see if
   this should be combined with the AIX buffer overflows for
   LC_MESSAGES; current indications are that they should be
 Christey> For further consultation, consider this post, though it's
   associated with CVE-1999-0041:
   BUGTRAQ:19970213 Linux NLSPATH buffer overflow
   Also add "NLSPATH" and "PATH_LOCALE" to the description to
   facilitate search.

Proposed (Legacy)
This is an entry on the CVE list, which standardizes names for security problems.