Richard Everitt Pileup Buffer Overflow Vulnerability

Pileup is a Linux morse code simulator for amateur radio operators which uses SoundBlaster hardware.

Pileup version 1.1 has been found to contain two buffer overflow vulnerabilities due to insecurely structured calls to 'scanf', in which strings of arbitrary length are copied into local variables without sufficient bounds checking.

If the length of either string, read from standard input, exceeds the size of its input buffer, the excess data will overwrite other variables on the stack and the stack frame itself.

As a result, since the program is installed setuid root, an attacker can replace the affected function's return address with a pointer to malicious shellcode, allowing arbitrary code to run with root privileges.
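The unbounded 'scanf' pattern described above is shown below beside a width-bounded form. This is an added example, not Pileup's source code: the function names, the 15-character limit, and the sample inputs are assumptions, since the advisory gives no buffer sizes. It uses 'sscanf' over constructed strings so it runs without interactive input; the same width specifier applies to 'scanf'.

```c
#include <ctype.h>
#include <stdio.h>

#define FIELD_MAX 15                 /* assumed limit; the page gives no buffer sizes */
#define STR2(x) #x
#define STR(x) STR2(x)

/* Unsafe pattern the advisory describes (never called here): "%s" carries no
 * width, so a longer token is written past the end of buf. */
int read_field_unbounded(char *buf)
{
    return scanf("%s", buf);
}

/* Bounded form: the width in the format is derived from the buffer size, and
 * %n reports where conversion stopped so over-long tokens are rejected rather
 * than silently truncated.
 * Returns 0 on success, -1 if no token was found, -2 if the token was too long. */
int parse_field(const char *line, char out[FIELD_MAX + 1])
{
    int used = 0;

    out[0] = '\0';
    if (sscanf(line, " %" STR(FIELD_MAX) "s%n", out, &used) != 1)
        return -1;
    if (line[used] != '\0' && !isspace((unsigned char)line[used])) {
        out[0] = '\0';               /* do not hand back a truncated value */
        return -2;
    }
    return 0;
}

int main(void)
{
    char field[FIELD_MAX + 1];
    /* Constructed inputs: one that fits, one of 40 bytes that does not. */
    const char *samples[] = { "G4ABC\n", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" };

    for (int i = 0; i < 2; i++)
        printf("rc=%d field=\"%s\"\n", parse_field(samples[i], field), field);
    return 0;
}
```

Deriving the width from the same macro that sizes the buffer keeps the two from drifting apart when the buffer is later resized.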


Copyright 2010, SecurityFocus