Sun Solaris RCP Command Line Argument Buffer Overflow Vulnerability

info
discussion
exploit
solution
references

Sun Solaris RCP Command Line Argument Buffer Overflow Vulnerability

It has been reported that a memory corruption issue exists in rcp. By executing rcp on a local system with excessively long command-line arguments, a user may produce a segmentation fault. An attacker must execute rcp with 10000 bytes the fields for the file name, destination host name, and destination file name each. As rcp is a setuid root executable, it may be possible to gain elevated privileges.