From snsadv@lac.co.jp Thu Apr 18 12:14:32 2002 From: "snsadv@lac.co.jp" To: bugtraq@securityfocus.com Date: Wed, 17 Apr 2002 14:46:02 +0900 Subject: [SNS Advisory No.51] Compaq Tru64 UNIX libc Buffer Overflow Vulnerability ---------------------------------------------------------------------- SNS Advisory No.51 Compaq Tru64 UNIX libc Buffer Overflow Vulnerability Problem first discovered: Sun, 18 Nov 2001 Published: Thu, 17 Apr 2002 ---------------------------------------------------------------------- Overview: --------- Libc included with Compaq Tru64 UNIX contains a buffer overflow vulnerability, which could allow local attackers to elevate privileges. Problem Description: -------------------- Libc included with Compaq Tru64 UNIX is vulnerable to a buffer overflow due to a flaw in the handling of the environment variables LANG and LOCPATH. Local attackers could elevate privileges by using a SUID/SGID executable file that links to the vulnerable libc. Affected Versions: ------------------ Compaq Tru64 UNIX V4.0F Compaq Tru64 UNIX V5.0 Compaq Tru64 UNIX V5.1 Compaq Tru64 UNIX V5.1A Solution: --------- This problem can be eliminated by applying an appropriate patch to your Tru64 UNIX version based on the information in the following URL: Compaq SECURITY BULLETIN (SSRT-541) Potential Security Vulnerabilities in Tru64,Unix,CDE,NFS,and NIS: http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml Discovered by: -------------- Noboru Yoshinaga (LAC) yosinaga@lac.co.jp Disclaimer: ----------- All information in these advisories are subject to change without any advanced notices neither mutual consensus, and each of them is released as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences caused by applying those information.