Vulnerability Note VU#877811

Buffer overflow vulnerability in pwck command line utility

Original Release date: 04 Jan 2002 | Last revised: 05 Jul 2002

Overview

The CERT/CC has received a public report of a local buffer overflow vulnerability in the pwck utility.

Description

The pwck utility performs syntax checking of the /etc/passwd and /etc/shadow password information files. This utility contains a buffer overflow vulnerability in the section of code that parses command line arguments. Supplying a command line argument string of approximately 3000 characters causes the utility to generate a segmentation fault. On systems where this utility is installed with setuid root privileges, it may be possible for local users to exploit this vulnerability to execute arbitrary code with superuser privileges.

This vulnerability has been reported to affect systems running IRIX and Linux, but other operating systems that include this setuid root utility are likely to be affected.

Impact

This vulnerability may allow a local user to execute arbitrary code with superuser privileges.

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

Clear the setuid bit of affected binaries

As a workaround, it is possible to limit the scope of this vulnerability by clearing the setuid bit of affected binaries with the chmod utility.
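
The workaround above as a small script, added here as an example and not taken from the advisory or any vendor. The directory list and the report/fix argument are assumptions; adjust them to where pwck is installed on the system being checked.

```shell
#!/bin/sh
# Added example, not part of the advisory: find setuid copies of pwck and
# clear the setuid bit, as the workaround describes.
# Assumptions: the directory list and the report/fix argument are illustrative.

# audit_pwck MODE DIR...
#   MODE=report  list pwck binaries and whether the setuid bit is set
#   MODE=fix     additionally run "chmod u-s" on setuid copies (needs root
#                or ownership of the file)
# Returns 0 when no examined pwck is setuid afterwards, 1 otherwise.
audit_pwck() {
    mode=$1
    shift
    remaining=0
    for dir in "$@"; do
        f="$dir/pwck"
        # Only act on regular files; chmod on a symlink would change its target.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        if [ ! -u "$f" ]; then
            echo "ok:      $f (setuid bit not set)"
            continue
        fi
        echo "setuid:  $f"
        if [ "$mode" = fix ]; then
            chmod u-s "$f" || echo "failed:  chmod u-s $f" >&2
        fi
        # Re-test rather than trusting chmod's exit status.
        if [ -u "$f" ]; then
            remaining=$((remaining + 1))
        else
            echo "cleared: $f"
        fi
    done
    [ "$remaining" -eq 0 ]
}

# Report only by default; pass "fix" as the first argument to clear the bit.
audit_pwck "${1:-report}" /usr/sbin /usr/bin ||
    echo "setuid pwck still present; rerun as root with: $0 fix" >&2
```

The non-zero return in report mode makes the function usable as a check in a periodic audit job.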

Systems Affected

Vendor                       Status        Date Notified  Date Updated
Caldera                      Not Affected  04 Jan 2002    07 Jan 2002
Conectiva                    Not Affected  25 Jan 2002    03 Jun 2002
FreeBSD                      Not Affected  04 Jan 2002    24 Jan 2002
Fujitsu                      Not Affected  04 Jan 2002    24 Jan 2002
Hewlett Packard              Not Affected  04 Jan 2002    24 Jan 2002
IBM                          Not Affected  04 Jan 2002    09 Jan 2002
NetBSD                       Not Affected  04 Jan 2002    07 Jan 2002
Openwall                     Not Affected  -              05 Jul 2002
Red Hat Inc.                 Not Affected  04 Jan 2002    08 Jan 2002
SGI                          Not Affected  04 Jan 2002    07 Jan 2002
Sun Microsystems Inc.        Not Affected  04 Jan 2002    07 Jan 2002
Apple Computer Inc.          Unknown       04 Jan 2002    04 Jan 2002
BSDI                         Unknown       04 Jan 2002    04 Jan 2002
Compaq Computer Corporation  Unknown       04 Jan 2002    04 Jan 2002
Data General                 Unknown       04 Jan 2002    04 Jan 2002
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group          Score  Vector
Base           N/A    N/A
Temporal       N/A    N/A
Environmental  N/A    N/A

Credit

This vulnerability was reported to several SecurityFocus mailing lists on 01/02/2002 by blackshell@hushmail.com.

This document was written by Jeffrey P. Lanza.

Other Information

  • CVE IDs: Unknown
  • Date Public: 02 Jan 2002
  • Date First Published: 04 Jan 2002
  • Date Last Updated: 05 Jul 2002
  • Severity Metric: 10.69
  • Document Revision: 19
