Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: HP/UX :: unix5280.htm

Compaq Tru64 libc environment variables overflow leads to local root



18th Apr 2002 [SBWID-5280]
COMMAND

	Compaq Tru64 libc environment variables overflow leads to local root

SYSTEMS AFFECTED

	 Compaq Tru64 UNIX V4.0F

	 Compaq Tru64 UNIX V5.0

	 Compaq Tru64 UNIX V5.1

	 Compaq Tru64 UNIX V5.1A

	

PROBLEM

	In Noboru Yoshinaga [yosinaga@lac.co.jp] SNS Advisory No.51 :
	

	Libc included with Compaq Tru64 UNIX is vulnerable to a buffer  overflow
	due to a flaw in the handling of  the  environment  variables  LANG  and
	LOCPATH. Local attackers could elevate privileges by using  a  SUID/SGID
	executable file that links to the vulnerable libc.

SOLUTION

	This problem can be eliminated by applying an appropriate patch to  your
	Tru64 UNIX version based on the information in the following URL:
	 

	http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml

	


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH