SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information

Report a Vulnerability

 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#877811

Buffer overflow vulnerability in pwck command line utility

Overview

The CERT/CC has received a public report of a local buffer overflow vulnerability in the pwck utility.

I. Description

The pwck utility performs syntax checking of /etc/password and /etc/shadow password information files. This utility contains a buffer overflow vulnerability in the section of code that parses command line arguments. By sending a command line argument string of approximately 3000 characters, it is possible to cause this utility to generate a segmentation fault. On systems where this utility is installed with setuid root privileges, it may be possible for local users to exploit this vulnerability to execute arbitrary code with superuser privileges.

This vulnerability has been reported to affect systems running IRIX and Linux, but other operating systems that include this setuid root utility are likely to be affected.

II. Impact

This vulnerability may allow a local user to execute arbitrary code with superuser privileges.

III. Solution

The CERT/CC is currently unaware of a practical solution to this problem.

Clear the setuid bit of affected binaries

As a workaround, it is possible to limit the scope of this vulnerability by clearing the setuid bit of affected binaries with the chmod utility.

Systems Affected

VendorStatusDate NotifiedDate Updated
Apple Computer Inc.Unknown4-Jan-2002
BSDIUnknown4-Jan-2002
CalderaNot Vulnerable7-Jan-2002
Compaq Computer CorporationUnknown4-Jan-2002
ConectivaNot Vulnerable3-Jun-2002
Data GeneralUnknown4-Jan-2002
DebianUnknown4-Jan-2002
FreeBSDNot Vulnerable24-Jan-2002
FujitsuNot Vulnerable24-Jan-2002
Hewlett PackardNot Vulnerable24-Jan-2002
IBMNot Vulnerable9-Jan-2002
MandrakeSoftUnknown4-Jan-2002
NEC CorporationUnknown4-Jan-2002
NetBSDNot Vulnerable7-Jan-2002
OpenBSDUnknown4-Jan-2002
OpenwallNot Vulnerable5-Jul-2002
Red Hat Inc.Not Vulnerable8-Jan-2002
SGINot Vulnerable7-Jan-2002
Sony CorporationUnknown4-Jan-2002
Sun Microsystems Inc.Not Vulnerable7-Jan-2002
UnisysUnknown4-Jan-2002

References

VU#121891
http://www.linux.com/develop/man/8/pwck/
http://www.securityfocus.com/archive/82/247920
http://www.kb.cert.org/vuls/id/121891

Credit

This vulnerability was reported to several SecurityFocus mailing lists on 01/02/2002 by blackshell@hushmail.com.

This document was written by Jeffrey P. Lanza.

Other Information

Date Public:2002-01-02
Date First Published:2002-01-04
Date Last Updated:2002-07-05
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Severity Metric:10.69
Document Revision:19

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2002 Carnegie Mellon University
Disclaimers and copyright information
Get a PDF Reader