Security-Enhanced Linux Buffer Overflow Vulnerability
BID:2154
Info
Security-Enhanced Linux Buffer Overflow Vulnerability
| Bugtraq ID: | 2154 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2001-0073 |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 26 2000 12:00AM |
| Updated: | Jul 11 2009 04:46AM |
| Credit: | This vulnerability was announced by Matt Power <[email protected]> on December 26, 2000. |
| Vulnerable: |
NSA Security-Enhanced Linux slinux-200012181053 |
| Not Vulnerable: | |
Discussion
Security-Enhanced Linux Buffer Overflow Vulnerability
Security-Enhanced Linux is an add-on access control infrastructure developed and distributed by the U.S. National Security Agency. A problem exists which could allow the altering of sensitive information on a running system.
The problem occurs in the libsecure/get_default_type.c file. get_default_type attempts to allocate buffer space by extracting the default type from /etc/security/default_type and copying the result to a buffer. The buffer that is created, however, is generally one byte too small and creates an ideal situation for a buffer overflow attack. This vulnerability can be exploited by a malicious user to potentially overwrite malloc()'d fields that may contain other application data, or overhead data that another application was relying upon.
Security-Enhanced Linux is an add-on access control infrastructure developed and distributed by the U.S. National Security Agency. A problem exists which could allow the altering of sensitive information on a running system.
The problem occurs in the libsecure/get_default_type.c file. get_default_type attempts to allocate buffer space by extracting the default type from /etc/security/default_type and copying the result to a buffer. The buffer that is created, however, is generally one byte too small and creates an ideal situation for a buffer overflow attack. This vulnerability can be exploited by a malicious user to potentially overwrite malloc()'d fields that may contain other application data, or overhead data that another application was relying upon.
Exploit / POC
Security-Enhanced Linux Buffer Overflow Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Security-Enhanced Linux Buffer Overflow Vulnerability
References:
References: