OSVDB ID: 6602

Title: Multiple BSD libc realpath() Off-by-one Overflow

Info

Disclosure
Jul 31, 2003

Discovery
Unknown

Dates

Exploit
Aug 14, 2003

Solution
Unknown

Description

 A local overflow exists in BSD-derived libc libraries. The realpath() function fails to validate user input resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

 Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Rumored
Disclosure: OSVDB Verified

Solution

 Each vendor maintains its own implementation of realpath(), and each has released a patch or upgrade to address the issue. Please refer to the specific vendor advisory for more information.

Products

Apple Computer, Inc.

Mac OS X

 10.0.x
10.1.x
10.2
10.2.1
10.2.2
10.2.3
10.2.4
10.2.5
10.2.6

FreeBSD Project

FreeBSD

 3
4.3
4.4
4.5
4.6
4.7
4.8
5.0

NetBSD Foundation, Inc.

NetBSD

 1.5
1.6

OpenBSD

OpenBSD

 2.x
3.0
3.1
3.2
3.3

References

Credit
  • Wojciech Purczynski - cliphisec.pl - isec.pl
  • Janusz Niewiadomski - funkyshisec.pl - Isec


Direct URL: http://osvdb.org/6602