search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Buffer overflow vulnerability in pwck command line utility

Vulnerability Note VU#877811

Original Release Date: 2002-01-04 | Last Revised: 2002-07-05

Overview

The CERT/CC has received a public report of a local buffer overflow vulnerability in the pwck utility.

Description

The pwck utility performs syntax checking of /etc/password and /etc/shadow password information files. This utility contains a buffer overflow vulnerability in the section of code that parses command line arguments. By sending a command line argument string of approximately 3000 characters, it is possible to cause this utility to generate a segmentation fault. On systems where this utility is installed with setuid root privileges, it may be possible for local users to exploit this vulnerability to execute arbitrary code with superuser privileges.

This vulnerability has been reported to affect systems running IRIX and Linux, but other operating systems that include this setuid root utility are likely to be affected.

Impact

This vulnerability may allow a local user to execute arbitrary code with superuser privileges.

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

Clear the setuid bit of affected binaries

As a workaround, it is possible to limit the scope of this vulnerability by clearing the setuid bit of affected binaries with the chmod utility.

Vendor Information

877811
 

View all 21 vendors View less vendors


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported to several SecurityFocus mailing lists on 01/02/2002 by blackshell@hushmail.com.

This document was written by Jeffrey P. Lanza.

Other Information

CVE IDs: None
Severity Metric: 10.69
Date Public: 2002-01-02
Date First Published: 2002-01-04
Date Last Updated: 2002-07-05 21:19 UTC
Document Revision: 19

Sponsored by CISA.