CERT Advisory: Buffer Overflow in System V Derived Login
"Several implementations of login that are derived from System V allow a user to specify arguments such as environment variables to the process. An array of buffers is used to store these arguments. A flaw exists in the checking of the number of arguments accepted. This flaw permits the array of buffers to be overflowed. From CERT: Several applications use login for authentication to the system. A remotely exploitable buffer overflow exists in login derived from System V [including Solaris 8 and higher]. Attackers can exploit this vulnerability to gain root access to the server.
"On most systems, login is not suid; therefore, it runs as the user who called it. If, however, login is called by an application that runs with greater privileges than those of the user, such as telnetd or rlogind, then the user can exploit this vulnerability to gain the privileges of that program. In the case of telnetd or rlogind, root access is gained....
"This vulnerability can be remotely exploited to gain privileges of the invoker of login. In the case of a program such as telnetd, rlogind, or other suid root programs, root access is gained."
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...