CVE

Id
1633  
CVE No.
CVE-2000-0055  
Status
Candidate  
Description
Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.  
Phase
Proposed (20000125)  
Votes
MODIFY(2) Baker, Frech | NOOP(1) Dik  
Comments
Frech> XF:sol-chkperm-bo(3870)  
Dik> chkperm runs set-uid bin, so initially the access granted will be user bin, not root. (Though bin access can easily be leveraged to root access, less so in Solaris 8+) Also, there is reason to believe this bug is not exploitable; the buffer overflown is declared in the stack in main(); yet, the program never returns from main() but calls exit instead so any damage to return addresses is never noticed.  
Baker> Maybe the details from Caspar could be included, or modify the description somewhat