SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   BMV Vendors:   Kybic, Jan
BMV Buffer Overflow in openpsfile() Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1015086
SecurityTracker URL:  http://securitytracker.com/id/1015086
CVE Reference:   CVE-2005-3278   (Links to External Site)
Updated:  Jun 15 2008
Original Entry Date:  Oct 20 2005
Impact:   Execution of arbitrary code via local system, Root access via local system

Version(s): 1.2-17 (Debian version number)
Description:   A vulnerability was reported in BMV. A local user can obtain root privileges.

A local user can create a specially crafted Postscript file that, when processed using BMV, will trigger a stack overflow and execute arbitrary code. On some systems, BMV is configured with set user id (setuid) root user privileges.

The vulnerability resides in the openpsfile() function in gsinterf.c.

If the BMV source is compiled with the M_UNIX flag, then a local user can also exploit a buffer overflow in the vgasco_printf() function.

felinemenace discovered this vulnerability.

The original advisory is available at:

http://felinemenace.org/advisories/bmv_advisory.txt

Impact:   A local user can execute arbitrary code with root privileges.
Solution:   No solution was available at the time of this entry.
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC