BMV Buffer Overflow in openpsfile() Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID: 1015086
SecurityTracker URL: http://securitytracker.com/id/1015086
CVE Reference: CVE-2005-3278
Updated: Jun 15 2008
Original Entry Date: Oct 20 2005
Impact: Execution of arbitrary code via local system, Root access via local system
Version(s): 1.2-17 (Debian version number)
Description:
A vulnerability was reported in BMV. A local user can obtain root privileges.
A local user can create a specially crafted PostScript file that, when processed using BMV, will trigger a stack-based buffer overflow and execute arbitrary code. On some systems, BMV is installed with set-user-ID (setuid) root privileges.
The vulnerability resides in the openpsfile() function in gsinterf.c.
If the BMV source is compiled with the M_UNIX flag, then a local user can also exploit a buffer overflow in the vgasco_printf() function.
felinemenace discovered this vulnerability.
The original advisory is available at:
http://felinemenace.org/advisories/bmv_advisory.txt
Impact: A local user can execute arbitrary code with root privileges.
Solution: No solution was available at the time of this entry.
Cause: Boundary error
Underlying OS: Linux (Any), UNIX (Any)
Message History: None.
Source Message Contents
Date: Thu, 20 Oct 2005 01:14:07 -0400
Subject: BitMap Viewer (BMV) vulnerability
http://felinemenace.org/advisories/bmv_advisory.txt