ARPUS Ce/Ceterm Command Line Buffer Overflow Vulnerability
BID:13464
Info
| Bugtraq ID: | 13464 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2005-1395 |
| Remote: | No |
| Local: | Yes |
| Published: | May 02 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Discovery is credited to Kevin Finisterre <[email protected]>. |
| Vulnerable: | ARPUS Ce/Ceterm 2.5.1 |
| Not Vulnerable: | ARPUS Ce/Ceterm 2.6 |
Discussion
ARPUS Ce/Ceterm is prone to a buffer overflow vulnerability when processing command line arguments. In many cases, the application runs with the setuid bit set, allowing arbitrary code to be executed with root privileges.
Ce/Ceterm will run as setuid root in many cases. Versions of Ce/Ceterm from 2.6 onwards do not need to be setuid in order to function properly.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has reported that versions 2.6 and later of Ce/Ceterm no longer require the setuid bit to be set.
ARPUS Ce/Ceterm 2.5.1
- ARPUS Ce/Ceterm 2.6: http://168.158.26.15/ce/ce/ce.html
References
References:
- Ce/Ceterm Home Page (ARPUS)
- DMA[2005-0501a] - 'ARPUS/Ce setuid buffer overflow and file overwrite' ("KF (lists)")