Cray UNICOS /usr/bin/script Command Line Argument Local Overflow

ID SSV:80685
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


Cray UNICOS is prone to locally exploitable buffer overflow vulnerabilities. These issues are due to insufficient bounds checking of command line parameters in various utilities with setuid-superuser privileges.

Successful exploitation could result in execution of malicious machine code with superuser privileges, facilitating the complete compromise of affected computers.

These issues are reported in version of UNICOS; other versions may also be affected. 

for '/usr/bin/script':
script `perl -e 'print "A"x1000'`