Orville Write orville-write wrt_me.c Local Overflow

2002-11-26T00:00:00
ID OSVDB:6680
Type osvdb
Reporter Steve Kemp(skx@tardis.ed.ac.uk)
Modified 2002-11-26T00:00:00

Description

Vulnerability Description

A local overflow exists in Orville Write. The "wrt_me" binary fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request to the environment variable, a malicious user can cause arbitrary code execution with elevated privileges, possibly root, if the program was installed setuid, or "tty" group privileges, if the program was installed setgid, resulting in a loss of integrity.

Solution Description

Upgrade to version 2.54 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A local overflow exists in Orville Write. The "wrt_me" binary fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request to the environment variable, a malicious user can cause arbitrary code execution with elevated privileges, possibly root, if the program was installed setuid, or "tty" group privileges, if the program was installed setgid, resulting in a loss of integrity.

References:

Vendor URL: http://www.unixpapa.com/write.html Vendor Specific Advisory URL Vendor Specific Advisory URL Related OSVDB ID: 6679 Related OSVDB ID: 6681 ISS X-Force ID: 12381 CVE-2003-0441 Bugtraq ID: 7988