Vulnerability Note VU#877811
Buffer overflow vulnerability in pwck command line utility
The CERT/CC has received a public report of a local buffer overflow vulnerability in the pwck utility.
The pwck utility performs syntax checking of /etc/password and /etc/shadow password information files. This utility contains a buffer overflow vulnerability in the section of code that parses command line arguments. By sending a command line argument string of approximately 3000 characters, it is possible to cause this utility to generate a segmentation fault. On systems where this utility is installed with setuid root privileges, it may be possible for local users to exploit this vulnerability to execute arbitrary code with superuser privileges.
This vulnerability has been reported to affect systems running IRIX and Linux, but other operating systems that include this setuid root utility are likely to be affected.
This vulnerability may allow a local user to execute arbitrary code with superuser privileges.
The CERT/CC is currently unaware of a practical solution to this problem.
Clear the setuid bit of affected binaries
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Caldera||Not Affected||04 Jan 2002||07 Jan 2002|
|Conectiva||Not Affected||25 Jan 2002||03 Jun 2002|
|FreeBSD||Not Affected||04 Jan 2002||24 Jan 2002|
|Fujitsu||Not Affected||04 Jan 2002||24 Jan 2002|
|Hewlett Packard||Not Affected||04 Jan 2002||24 Jan 2002|
|IBM||Not Affected||04 Jan 2002||09 Jan 2002|
|NetBSD||Not Affected||04 Jan 2002||07 Jan 2002|
|Openwall||Not Affected||-||05 Jul 2002|
|Red Hat Inc.||Not Affected||04 Jan 2002||08 Jan 2002|
|SGI||Not Affected||04 Jan 2002||07 Jan 2002|
|Sun Microsystems Inc.||Not Affected||04 Jan 2002||07 Jan 2002|
|Apple Computer Inc.||Unknown||04 Jan 2002||04 Jan 2002|
|BSDI||Unknown||04 Jan 2002||04 Jan 2002|
|Compaq Computer Corporation||Unknown||04 Jan 2002||04 Jan 2002|
|Data General||Unknown||04 Jan 2002||04 Jan 2002|
CVSS Metrics (Learn More)
This vulnerability was reported to several SecurityFocus mailing lists on 01/02/2002 by firstname.lastname@example.org.
This document was written by Jeffrey P. Lanza.
- CVE IDs: Unknown
- Date Public: 02 Jan 2002
- Date First Published: 04 Jan 2002
- Date Last Updated: 05 Jul 2002
- Severity Metric: 10.69
- Document Revision: 19
If you have feedback, comments, or additional information about this vulnerability, please send us email.