• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

GNU GNATS Environment Variable Buffer Overflow Vulnerability

It has been reported that GNATS is prone to a buffer overflow condition when parsing certain environment variables.

An attacker can exploit this vulnerability by setting an overly long environment variable and invoking one of several GNATS utilities. This will trigger the overflow condition and will result in the corruption of sensitive memory.

Successful exploitation may result in the execution of attacker-supplied code with elevated privileges.