OP XAUTHORITY Variable Local Privilege Escalation Vulnerability

Bugtraq ID:	30226
Class:	Boundary Condition Error
CVE:	CVE-2008-3229
Remote:	No
Local:	Yes
Published:	Jul 14 2008 12:00AM
Updated:	May 07 2015 05:27PM
Credit:	Nico Golde
Vulnerable:	OP op 1.32
Not Vulnerable:

OP XAUTHORITY Variable Local Privilege Escalation Vulnerability

The OP utility is prone to a local privilege-escalation vulnerability caused by a buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue results in the complete compromise of affected computers.

OP 1.32 is vulnerable; other versions may also be affected.

OP XAUTHORITY Variable Local Privilege Escalation Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

OP XAUTHORITY Variable Local Privilege Escalation Vulnerability

Solution:
Fixes have been committed to the SCM repository for the project. Users of affected packages should contact the vendor for information on obtaining and applying fixes.

OP XAUTHORITY Variable Local Privilege Escalation Vulnerability

References:

• Changeset 563 (Alec Thomas)
  
• CVE id request: op (Nico Golde)
  
• OP Project Page (Alec Thomas)