youbin HOME Variable Overflow

2003-05-06T07:16:11
ID OSVDB:6290
Type osvdb
Reporter Knud Erik Højgaard()
Modified 2003-05-06T07:16:11

Description

Vulnerability Description

A local overflow exists in youbin. The issue is triggered due to improper bounds checking resulting in a buffer overflow. By passing an overly long HOME environment variable to youbin, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

A local overflow exists in youbin. The issue is triggered due to improper bounds checking resulting in a buffer overflow. By passing an overly long HOME environment variable to youbin, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.agusa.nuie.nagoya-u.ac.jp/software/agusalab/youbin/youbin-e.html Security Tracker: 1006711 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-05/att-0076/DSR-youbin.txt ISS X-Force ID: 11949 Generic Exploit URL: http://archives.neohapsis.com/archives/bugtraq/2003-05/att-0076/DSR-youbin.pl CVE-2003-0269 Bugtraq ID: 7503