|
|
Solaris libauth Buffer Overflow vulnerabilities
There are two buffer overflows present in the versions of libauth shipped with Solaris 2.2, 2.3, 2.4, 2.5, 2.5.1, and 2.6. They allow for a user to overflow the buffers that hold hostname and username in the function ia_open_session() and execute arbitrary code as root. The consequences of this are local or remote root compromise. Potentially vulnerable programs ---------------------------------------------------- 1. login 2. in.ftpd 3. in.uucpd 4. rpc.rexd |
|
Privacy Statement |