Rational ClearCase DB Loader TERM Environment Variable Buffer Overflow Vulnerability

ClearCase is a commercially available software change management package. It is maintained and distributed by Rational.

A problem with the package could lead to a local user gaining elevated privileges. The problem is in the handling of environment variables by db_loader. db_loader does not correctly handle input from a user's TERM environment variable, making it possible for a local user to execute arbitrary code when 550 bytes of data is placed in TERM.

Since the db_loader program is setuid root, this problem can result in a local user gaining administrative access on a vulnerable system.


Privacy Statement
Copyright 2010, SecurityFocus