Updated: 2003-01-19 05:50

Another buffer over-run bug

2) SOLARIS 2.x PASSWD BUFFER OVERRUN VULNERABILITY

A buffer overflow has claimed another victim. A vulnerability has been discovered in the passwd program under Solaris 2.3, 2.4 and 2.5. Under 2.5 the yppasswd and nispasswd programs are hard links to passwd, so they are affected as well. The vulnerability results from insufficient bounds checking on the input arguments. The end result is that a malicious user could force the passwd program to execute arbitrary commands.
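The class of bug described above, as an added example that is not the Solaris passwd source and not taken from the advisory: a fixed-size buffer filled from a command-line argument with no length check, next to a checked copy that rejects oversized input. The buffer size `NAME_LEN` and both function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 32 /* assumed buffer size, chosen for illustration */

/* Unchecked pattern: the argument length is never compared with the
 * buffer size, so an argument of NAME_LEN bytes or more writes past dst. */
void copy_arg_unchecked(char dst[NAME_LEN], const char *arg)
{
    strcpy(dst, arg);
}

/* Checked copy: returns 0 on success, -1 if arg does not fit.
 * Oversized input is rejected rather than truncated, because a
 * truncated name could refer to a different account. */
int copy_arg_checked(char *dst, size_t dstsz, const char *arg)
{
    size_t n = 0;

    if (dst == NULL || dstsz == 0 || arg == NULL)
        return -1;
    /* Measure at most dstsz bytes so a huge argument is not scanned fully. */
    while (n < dstsz && arg[n] != '\0')
        n++;
    if (n == dstsz) {        /* no room left for the terminating NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, arg, n + 1); /* n + 1 <= dstsz: copy includes the NUL */
    return 0;
}

int main(int argc, char **argv)
{
    char name[NAME_LEN];

    if (argc != 2) {
        fprintf(stderr, "usage: %s name\n", argv[0]);
        return 2;
    }
    if (copy_arg_checked(name, sizeof name, argv[1]) != 0) {
        fprintf(stderr, "argument too long (limit %d bytes)\n", NAME_LEN - 1);
        return 1;
    }
    printf("accepted: %s\n", name);
    return 0;
}
```

In a set-uid program the checked form matters for every argument and environment value copied into a fixed buffer, since the process runs with elevated privileges while handling input chosen by an unprivileged user.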

The AUSCERT Advisory, first posted on 2/26/97, is available on:

ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-97.09.Solaris.passwd.buffer.overrun.vul

Web Author: Ian! D. Allen idallen@idallen.ca

This work is licensed under a Creative Commons License.