GCOS-III FILSYS Buffer Allocation Information Disclosure

1972-10-01T00:00:00
ID OSVDB:22138
Type osvdb
Reporter OSVDB
Modified 1972-10-01T00:00:00

Description

Vulnerability Description

GCOS-III contains a flaw that may allow a local user to gain elevated privileges. The issue is due to the buffer space made available by the caller to the File System (FILSYS) modules not being zeroed out before return to the caller. By supplying a systematic value to the System Master Catalog (SMC), FILESYS would return an error but not zero the buffer, which could disclose sensitive information such as user login and passwords.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

GCOS-III contains a flaw that may allow a local user to gain elevated privileges. The issue is due to the buffer space made available by the caller to the File System (FILSYS) modules not being zeroed out before return to the caller. By supplying a systematic value to the System Master Catalog (SMC), FILESYS would return an error but not zero the buffer, which could disclose sensitive information such as user login and passwords.

References:

Other Advisory URL: http://seclab.cs.ucdavis.edu/projects/history/papers/ande72.pdf Generic Informational URL: http://en.wikipedia.org/wiki/GCOS