CVE-2004-0800

Name of the Vulnerable Software and Affected Versions CDE Mailer (dtmail) versions on Solaris 8 and 9

Description A format string issue in CDE Mailer (dtmail) allows local users to gain privileges by using format strings in the argv[0] value.

Recommendations For CDE Mailer (dtmail) on Solaris 8 and 9, consider restricting access to the dtmail service until a fix is available. As a temporary workaround, avoid using the argv[0] value in the dtmail application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.