Sun Solaris NewGRP Local Buffer Overflow Vulnerability
BID:12838
Info
Sun Solaris NewGRP Local Buffer Overflow Vulnerability
| Bugtraq ID: | 12838 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2005-0816 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 18 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue. |
| Vulnerable: |
Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 8_x86 Sun Solaris 8_sparc Sun Solaris 7.0_x86 Sun Solaris 7.0 Avaya Interactive Response 1.3 Avaya Interactive Response 1.2.1 Avaya Interactive Response Avaya CMS Server 12.0 Avaya CMS Server 11.0 Avaya CMS Server 9.0 Avaya CMS Server 8.0 |
| Not Vulnerable: | |
Discussion
Sun Solaris NewGRP Local Buffer Overflow Vulnerability
A local buffer overflow vulnerability affects Sun Solaris newgrp. This issue is due to a failure of the application to securely copy user-supplied data into potentially sensitive process buffers.
An attacker may leverage this issue to execute arbitrary code with superuser privileges, facilitating local privilege escalation.
A local buffer overflow vulnerability affects Sun Solaris newgrp. This issue is due to a failure of the application to securely copy user-supplied data into potentially sensitive process buffers.
An attacker may leverage this issue to execute arbitrary code with superuser privileges, facilitating local privilege escalation.
Exploit / POC
Sun Solaris NewGRP Local Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Sun Solaris NewGRP Local Buffer Overflow Vulnerability
Solution:
The vendor has released Sun Alert ID: 57710 along with patches dealing with this issue. Please see the reference section for more information.
Avaya has released an advisory ASA-2005-108 specifying Avaya Call Management System (CMS) and the Avaya Interactive Response (IR) as vulnerable to this issue. CMS patches are available from the vendor. IR patches will be released in the next Solaris patch cluster. Please see the referenced advisory for more information.
Sun Solaris 7.0
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 9
Sun Solaris 9_x86
Sun Solaris 7.0_x86
Solution:
The vendor has released Sun Alert ID: 57710 along with patches dealing with this issue. Please see the reference section for more information.
Avaya has released an advisory ASA-2005-108 specifying Avaya Call Management System (CMS) and the Avaya Interactive Response (IR) as vulnerable to this issue. CMS patches are available from the vendor. IR patches will be released in the next Solaris patch cluster. Please see the referenced advisory for more information.
Sun Solaris 7.0
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 9
Sun Solaris 9_x86
Sun Solaris 7.0_x86
References
Sun Solaris NewGRP Local Buffer Overflow Vulnerability
References:
References: