ArcInfo Workstation asmaster Local Overflow

2005-04-30T08:10:43
ID OSVDB:16059
Type osvdb
Reporter Kevin Finisterre(kf@digitalmunition.com)
Modified 2005-04-30T08:10:43

Description

Vulnerability Description

A local overflow exists in ESRI ArcInfo Workstation. Asmaster fails to handle overly long command-line arguments, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary files with root access, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, ESRI has released a patch to address this vulnerability.

Manual Testing Notes

-bash-2.05b# ./asmaster `perl -e 'print "A" x 2285'` b
FATAL ERROR Segment Violation

-bash-2.05b# ./asuser `perl -e 'print "A" x 694'` a a a
FATAL ERROR Segment Violation

References:

Vendor URL: http://www.esri.com/
Vendor Specific Solution URL: http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1020
Vendor Specific Solution URL: http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015
Security Tracker: 1013852
Secunia Advisory ID: 15196
Related OSVDB ID: 16062
Related OSVDB ID: 16061
Related OSVDB ID: 16063
Related OSVDB ID: 16057
Related OSVDB ID: 16058
Related OSVDB ID: 16060
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0656.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0542.html
Keyword: #409658
Keyword: defect number CQ00261045
CVE-2005-1393