Solaris cu Buffer Overflow Vulnerability

Solaris cu Buffer Overflow Vulnerability

"cu" is a unix communications program. It is usually installed with enhanced privileges so that it may access hardware communications hardware.

The version of /usr/bin/cu that ships with Solaris contains a buffer overflow vulnerability.

The problem occurs when it copies argv[0] to an internal variable without bounds checking. As a result, if argv[0] exceeds the length of the destination buffer, it will be copied over neighbouring data on the stack.

It may be possible for a local attacker to exploit this vulnerability to gain effective group-id 'uucp'. This may lead to a root compromise.