super Syslog Utility Local Overflow

1999-02-25T00:00:00
ID OSVDB:5888
Type osvdb
Reporter c0nd0r (condor@sekure.org)
Modified 1999-02-25T00:00:00

Description

Vulnerability Description

A local overflow exists in Debian super. Debian super fails to check a buffer when a syslog option is enabled, resulting in a stack overflow. With a specially crafted request, an attacker can gain root privileges, resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Debian has released a patch to address this vulnerability. As a workaround, remove the suid bit from the super binary (chmod u-s /usr/local/bin/super).

References:

Vendor Specific Advisory URL
Other Advisory URL: http://www.sekure.org
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999_1/0908.html
ISS X-Force ID: 1832
CVE-1999-0381
Bugtraq ID: 342