Vulnerability Note VU#6901
Solaris libc getopt(3) contains buffer overflow
Solaris libc getopt(3) contains a buffer overflow vulnerability. Please note the date of this report: 1/27/1997. This does not affect current versions of Solaris.
A buffer overflow condition exists in the getopt(3) routine in Solaris libc. By supplying an invalid option and replacing argv of a SUID program that uses the getopt(3) function with the appropriate address and machine code instructions, it is possible to overwrite the saved stack frame and upon return(s) force the processor to execute user supplied instructions with elevated permissions.
A local user can gain root access.
For those with source:
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Sun Microsystems Inc.||Affected||-||25 Sep 2003|
CVSS Metrics (Learn More)
Thanks to L0pht/@stake and Sun for information used in this document.
This document was written by James T. Ellis and updated by Art Manion.
- CVE IDs: Unknown
- Date Public: 27 Jan 97
- Date First Published: 25 Sep 2003
- Date Last Updated: 25 Sep 2003
- Severity Metric: 3.92
- Document Revision: 6
If you have feedback, comments, or additional information about this vulnerability, please send us email.