• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Century Software Term Command Line Buffer Overflow Vulnerability

Term is a commercially available software package for Unix and Linux operating systems. It is distributed and maintained by Century Software.

Under some circumstances, it may be possible for a local user to execute arbitrary code. Term does not properly check bounds when receiving arguments via the tty option on the commandline. As a result, it is possible for a local user to execute the callin and callout programs of Term, and overwrite process memory. This could result in the overwriting of stack variables, including the return address. The callin and callout programs are by default installed setuid root.