Cray UNICOS /usr/bin/script Command Line Argument Local Overflow

2014-07-01T00:00:00
ID SSV:80685
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/16205/info

Cray UNICOS is prone to locally exploitable buffer overflow vulnerabilities. These issues are due to insufficient bounds checking of command line parameters in various utilities with setuid-superuser privileges.

Successful exploitation could result in execution of malicious machine code with superuser privileges, facilitating the complete compromise of affected computers.

These issues are reported in version 9.0.2.2 of UNICOS; other versions may also be affected. 

for '/usr/bin/script':
script `perl -e 'print "A"x1000'`