ARPUS Ce/Ceterm Environment Variables Buffer Overflow Vulnerability
BID:13461
Info
| Bugtraq ID: | 13461 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2005-1395 |
| Remote: | No |
| Local: | Yes |
| Published: | May 02 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Discovery is credited to Kevin Finisterre. |
| Vulnerable: | ARPUS Ce/Ceterm 2.5.1 |
| Not Vulnerable: | ARPUS Ce/Ceterm 2.6 |
Discussion
ARPUS Ce/Ceterm is prone to buffer overflows in local environment variables. In many cases, the application runs with the setuid bit set, allowing arbitrary code to be executed with root privileges.
Ce/Ceterm will run as setuid root in many cases. Versions of Ce/Ceterm from 2.6 onwards do not need to be setuid in order to function properly.
Exploit / POC
The following exploits are available:
Solution / Fix
Solution:
The vendor has reported that version 2.6 and later of Ce/Ceterm no longer require the setuid bit to be set.
ARPUS Ce/Ceterm 2.5.1
- ARPUS Ce/Ceterm 2.6
  http://168.158.26.15/ce/ce/ce.html
References
References:
- Ce/Ceterm Home Page (ARPUS)
- DMA[2005-0501a] - 'ARPUS/Ce setuid buffer overflow and file overwrite' ("KF (lists)")