• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

NetBSD LibC SetLocale Buffer Overflow Vulnerability

A buffer overflow vulnerability has been discovered in NetBSD versions 1.5.3 and earlier.

The buffer overflow is reported to occur in the setlocale() function in libc. This vulnerability is reportedly exploitable when certain specific conditions are met. The vulnerability when successfully exploited, will give a local user root access to the system.

A number of programs, such as xterm and zsh, may meet the conditions needed for successful exploitation.