There is a buffer overflow in ufsrestore, a file restoration utility.
When operating in interactive mode, the pathname parameter of the extract command is not properly bounds checked. When used in conjunction with long pathnames contained in the dump file, an internal buffer can be overflowed, allowing an attacker to overwrite memory and gain root privileges.
A local user can gain root privileges by exploiting this vulnerability.
Apply a Patch
Apply a patch from your vendor.
Disable the setuid bit on ufsrestore
Thanks to Job de Haas (firstname.lastname@example.org) of ITSX BV Amsterdam, The Netherlands (http://www.itsx.com) for reporting this vulnerability to the CERT/CC.
This document was written by Cory F Cohen.
|Date First Published:||2001-04-06|
|Date Last Updated:||2001-11-19 22:38 UTC|