• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Upclient Command Line Argument Buffer Overflow Vulnerability

upclient has been reported prone to a buffer overflow vulnerability when handling command line arguments of excessive length.

It is possible for a local attacker to seize control of the vulnerable application and have malicious arbitrary code executed in the context of upclient. Typically setuid kmem.

An attacker may harness elevated privileges obtained in this way to manipulate arbitrary areas in system memory through /dev/mem or /dev/kmem devices.