|
Another buffer over-run bug2) SOLARIS 2.x PASSWD BUFFER OVERRUN VULNERABILITYA buffer overflow has claimed another victim. A vulnerability has been discovered in the passwd program under Solaris 2.3, 2.4 and 2.5. Under 2.5 the yppasswd and nispasswd program are hard links to passwd. The vulnerability results from insufficient bounds checking on the input arguments. The end result is that a malicious user could force the passwd program to execute arbitrary commands. The AUSCERT Advisory, first posted on 2/26/97, is available on: ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-97.09.Solaris.passwd.buffer.overrun.vul |
Web Author: Ian! D. Allen idallen@idallen.ca Updated: 2003-01-19 05:50 Support free and non-commercial Internet. This site works best in Any Browser, a campaign for non-specific WWW. This work is licensed under a Creative Commons License. |