SecurityTracker.com
Category:   Application (Generic)  >   hztty
Vendors:   Zhang, Yongguang
hztty Buffer Overflows Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1007756
SecurityTracker URL:  http://securitytracker.com/id/1007756
CVE Reference:   CVE-2003-0783
Updated:  Jun 14 2008
Original Entry Date:  Sep 19 2003
Impact:   Execution of arbitrary code via local system, Root access via local system


Description:   Two buffer overflow vulnerabilities were reported in 'hztty'. A local user can execute arbitrary code to gain elevated privileges.

It is reported that on some systems, hztty may be configured with set user id (setuid) root user privileges. On those systems, a local user can execute arbitrary code with root privileges.

The nature of the buffer overflow flaws was not disclosed.

Impact:   A local user can execute arbitrary code with root privileges.
Solution:   No upstream solution was available at the time of this entry.

Debian has released a fix [see the Message History -- a separate alert will be issued regarding the Debian fix].

Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 19 2003 (Debian Issues Fix) hztty Buffer Overflows Let Local Users Gain Elevated Privileges
Debian has released a fix.



 Source Message Contents

Subject:  CVE-2003-0783


CVE: CAN-2003-0783

Debian reported that 'hztty' contains two buffer overflow vulnerabilities.  A local
user may be able to execute arbitrary code, potentially with root privileges.

Debian has issued a fix, described in their DSA 385-1 security advisory.



 
 



Copyright 2020, SecurityGlobal.net LLC