CERT/CC Vulnerability Note VU#596748

Overview

A vulnerability in Sun Solaris "/usr/lib/utmp_update" may allow a local attacker to gain superuser privileges.

Description

A buffer overflow vulnerability exists in Sun Solaris "/usr/lib/utmp_update". For more information, please see Sun Alert 55260.

Impact

A local attacker may be able to gain superuser privileges.

Solution

Apply a patch.

Vendor Information

596748

Filter by status:

Filter by content: Additional information available

Sort by:

Expand all

Sun Microsystems Inc. Affected

Updated: June 10, 2003

Status

Affected

Vendor Statement

See http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55260&zone_32=category%3Asecurity.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group	Score	Vector
Base	N/A	N/A
Temporal	N/A	N/A
Environmental		N/A

References

Acknowledgements

Thanks to Sun Microsystems for reporting this vulnerability.

This document was written by Ian A Finlay.

Other Information

CVE IDs:	None
Severity Metric:	7.50
Date Public:	2003-06-05
Date First Published:	2003-06-10
Date Last Updated:	2003-06-10 16:53 UTC
Document Revision:	6

Software Engineering Institute

CERT Coordination Center

Sun Solaris "/usr/lib/utmp_update" contains buffer overflow

Vulnerability Note VU#596748

Overview

Description

Impact

Solution

Vendor Information

Sun Microsystems Inc. Affected

Status

Vendor Statement

Vendor Information

Addendum

CVSS Metrics

References

Acknowledgements

Other Information

Contact CERT/CC