BSD passwd buffer overflow Vulnerability

The passwd program can be used to change a user's GECOS
field and shell. When used in this way, the passwd program
will allow the new shell or GECOS field to be longer than
BUFSIZ. This causes programs that read records from
the password file and store them in BUFSIZ buffers to
overflow their buffers.

This problem also exists in some Berkeley derived systems.
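
On the reading side, a program can keep its BUFSIZ buffer and still be safe by bounding the read and rejecting any record that does not fit. The following is an added example, not code from the advisory or from any BSD source; the names scan_passwd and make_sample and the sample accounts are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Read passwd-style records through a fixed BUFSIZ buffer without writing
 * past it. A record that does not fit is drained and rejected rather than
 * truncated into a bogus entry. Returns the number of rejected records;
 * *accepted receives the number that fit. */
int scan_passwd(FILE *fp, int *accepted)
{
    char buf[BUFSIZ];
    int rejected = 0, c;

    *accepted = 0;
    while (fgets(buf, sizeof buf, fp) != NULL) {    /* bounded read */
        size_t n = strlen(buf);
        if (n == sizeof buf - 1 && buf[n - 1] != '\n') {
            /* Buffer filled before a newline was seen: over-long record. */
            while ((c = getc(fp)) != EOF && c != '\n')
                ;                                   /* skip the remainder */
            rejected++;
            continue;
        }
        (*accepted)++;
    }
    return rejected;
}

/* Constructed sample: three records, the middle one carrying a shell field
 * of shell_len bytes (hypothetical accounts, not from a real system). */
FILE *make_sample(size_t shell_len)
{
    FILE *fp = tmpfile();
    if (fp == NULL) return NULL;
    fputs("root:*:0:0:Charlie &:/root:/bin/sh\n", fp);
    fputs("alice:*:1001:1001:Alice:/home/alice:/", fp);
    for (size_t i = 0; i < shell_len; i++)
        putc('A', fp);
    fputs("\nbob:*:1002:1002:Bob:/home/bob:/bin/sh\n", fp);
    rewind(fp);
    return fp;
}

int main(void)
{
    int ok = 0, bad;
    FILE *fp = make_sample(2 * BUFSIZ);
    if (fp == NULL) return 1;
    bad = scan_passwd(fp, &ok);
    printf("rejected=%d accepted=%d\n", bad, ok);
    fclose(fp);
    return 0;
}
```

The same length limit belongs on the writing side as well, so that an over-long shell or GECOS value is refused before it reaches the password file.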


 

Copyright 2010, SecurityFocus