Vulnerability Note VU#877811
Buffer overflow vulnerability in pwck command line utility
Overview
The CERT/CC has received a public report of a local buffer overflow vulnerability in the pwck utility.
Description
The pwck utility performs syntax checking of /etc/password and /etc/shadow password information files. This utility contains a buffer overflow vulnerability in the section of code that parses command line arguments. By sending a command line argument string of approximately 3000 characters, it is possible to cause this utility to generate a segmentation fault. On systems where this utility is installed with setuid root privileges, it may be possible for local users to exploit this vulnerability to execute arbitrary code with superuser privileges. This vulnerability has been reported to affect systems running IRIX and Linux, but other operating systems that include this setuid root utility are likely to be affected. |
Impact
This vulnerability may allow a local user to execute arbitrary code with superuser privileges. |
Solution
The CERT/CC is currently unaware of a practical solution to this problem. |
Clear the setuid bit of affected binaries |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Caldera | Not Affected | 04 Jan 2002 | 07 Jan 2002 |
| Conectiva | Not Affected | 25 Jan 2002 | 03 Jun 2002 |
| FreeBSD | Not Affected | 04 Jan 2002 | 24 Jan 2002 |
| Fujitsu | Not Affected | 04 Jan 2002 | 24 Jan 2002 |
| Hewlett Packard | Not Affected | 04 Jan 2002 | 24 Jan 2002 |
| IBM | Not Affected | 04 Jan 2002 | 09 Jan 2002 |
| NetBSD | Not Affected | 04 Jan 2002 | 07 Jan 2002 |
| Openwall | Not Affected | - | 05 Jul 2002 |
| Red Hat Inc. | Not Affected | 04 Jan 2002 | 08 Jan 2002 |
| SGI | Not Affected | 04 Jan 2002 | 07 Jan 2002 |
| Sun Microsystems Inc. | Not Affected | 04 Jan 2002 | 07 Jan 2002 |
| Apple Computer Inc. | Unknown | 04 Jan 2002 | 04 Jan 2002 |
| BSDI | Unknown | 04 Jan 2002 | 04 Jan 2002 |
| Compaq Computer Corporation | Unknown | 04 Jan 2002 | 04 Jan 2002 |
| Data General | Unknown | 04 Jan 2002 | 04 Jan 2002 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- VU#121891
- http://www.linux.com/develop/man/8/pwck/
- http://www.securityfocus.com/archive/82/247920
- http://www.kb.cert.org/vuls/id/121891
Credit
This vulnerability was reported to several SecurityFocus mailing lists on 01/02/2002 by blackshell@hushmail.com.
This document was written by Jeffrey P. Lanza.
Other Information
- CVE IDs: Unknown
- Date Public: 02 Jan 2002
- Date First Published: 04 Jan 2002
- Date Last Updated: 05 Jul 2002
- Severity Metric: 10.69
- Document Revision: 19
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.