Overview
FTE contains a vulnerability in the processing of certain environment variables that could allow an attacker to execute arbitrary code.
Description
FTE is a text editor available for a variety of operating systems. There is a buffer overflow vulnerability in the way FTE performs bounds checking on certain environment variables. By supplying an overly long string of characters for the HOME or TERM environment variable, a local user could execute arbitrary code on the system with privileges of the FTE process. Typically, FTE is installed with setuid root privileges. |
Impact
A local user could execute arbitrary code with privileges of the FTE process. |
Solution
Upgrade Upgrade to the latest version of FTE as specified by your vendor. |
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
Acknowledgements
This vulnerability was reported by Steve Kemp.
This document was written by Damon Morda.
Other Information
CVE IDs: | CVE-2003-0648 |
Severity Metric: | 10.69 |
Date Public: | 2004-04-03 |
Date First Published: | 2004-04-16 |
Date Last Updated: | 2004-04-16 13:16 UTC |
Document Revision: | 4 |