CVE-1999-0767

• MISC:https://marc.info/?l=bugtraq&m=87602167420557&w=2
• SUN:00189

 Stracener> Add Ref: CIAC: J-069
 Frech> XF:sun-libc-lcmessages
 Prosser> BID 268 is an additional reference for this one as it has info on the Sun
   vulnerability.  However, BID 268 also includes AIX in this vulnerability and
   refs APARS issued to fix a vulnerability in various 'nixs with the Natural
   Language Service environmental variables NSLPATH and PATH_LOCALE depending
   on the 'nix, ref CERT CA-97.10, CVE-1999-0041.  However, Georgi Guninski
   reported a BO in AIX with LC_MESSAGES + mount, also refed in BID 268, so it
   is possible the AIX APARs fix an earlier, similar vulnerability to the Sun
   BO in LC_MESSAGES.   This should probably be considered under a different
   CAN.  Any ideas? 
 Christey> Given that the buffer overflows in CVE-1999-0041 are NLSPATH
   and PATH_LOCALE, I'd say that's good evidence that this is not
   the same problem.  But a buffer overflow in libc in
   LC_MESSAGES... We must ask if these are basically the same
   codebase.
   
   ADDREF CIAC:J-069
 Christey> While the description indicates multiple programs, CD:SF-EXEC
   does not apply because the vulnerability was in libc, and
   rcp and ufsrestore were both statically linked against libc.
   Thus CD:SF-LOC applies, and a single candidate is maintained
   because the problem occurred in a library.
 Dik> Sun bug 4240566
 Christey> I'm consulting with Casper Dik and Troy Bollinger to see if
   this should be combined with the AIX buffer overflows for
   LC_MESSAGES; current indications are that they should be
   split.
 Christey> For further consultation, consider this post, though it's
   associated with CVE-1999-0041:
   BUGTRAQ:19970213 Linux NLSPATH buffer overflow
   http://www.securityfocus.com/archive/1/6296
   Also add "NLSPATH" and "PATH_LOCALE" to the description to
   facilitate search.