local privilege escalation in scotty

ID SUSE-SA:2001:023
Type suse
Reporter Suse
Modified 2001-07-02T16:45:23


Tkined's Scotty is a Tcl extension to build network management applications. Ntping, a ping/traceroute program, is part of the Scotty package. It's failure is to read a hostname as commandline option without checking the size. This leads to a bufferoverrun, that could be used to gain root privileges, because ntping is installed setuid root and is executeable by everyone.