Solaris tip Buffer Overflow Vulnerability
BID:2475
Info
Solaris tip Buffer Overflow Vulnerability
| Bugtraq ID: | 2475 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2001-0401 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 27 2001 12:00AM |
| Updated: | Jul 12 2009 05:56PM |
| Credit: | This vulnerability was discovered by Pablo Sor, and was announced to Bugtraq on March 27, 2001. |
| Vulnerable: |
Sun Solaris 2.5.1 _x86 Sun Solaris 2.5.1 Sun Solaris 8_x86 Sun Solaris 8_sparc Sun Solaris 7.0_x86 Sun Solaris 7.0 Sun Solaris 2.6_x86 Sun Solaris 2.6 Sun Solaris 2.5_x86 Sun Solaris 2.5 |
| Not Vulnerable: | |
Discussion
Solaris tip Buffer Overflow Vulnerability
tip is a utility included with Sun Microsystems Solaris Operating Environment. tip allows a user to establish a full duplex terminal connection with a remote host.
A problem with tip could lead to a buffer overflow. Due to the improper handling of environment variables by tip, it is possible to overflow a buffer in the program, and execute arbitrary code. The tip binary is suid uucp, and exploitation could lead to an euid of uucp.
Therefore, it is possible for a local user to execute arbitrary code, and gain an euid of uucp, with the potential of gaining privileges elevated to root.
tip is a utility included with Sun Microsystems Solaris Operating Environment. tip allows a user to establish a full duplex terminal connection with a remote host.
A problem with tip could lead to a buffer overflow. Due to the improper handling of environment variables by tip, it is possible to overflow a buffer in the program, and execute arbitrary code. The tip binary is suid uucp, and exploitation could lead to an euid of uucp.
Therefore, it is possible for a local user to execute arbitrary code, and gain an euid of uucp, with the potential of gaining privileges elevated to root.