CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile: 21.6%
There is a buffer overflow in ufsrestore, a file restoration utility.
When operating in interactive mode, the pathname parameter of the extract command is not properly bounds checked. When used in conjunction with long pathnames contained in the dump file, an internal buffer can be overflowed, allowing an attacker to overwrite memory and gain root privileges.
A local user can gain root privileges by exploiting this vulnerability.
Apply a Patch
Apply a patch from your vendor.
Disable the setuid bit on ufsrestore
You can prevent this vulnerability from being exploited by removing the setuid bit from ufsrestore.
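One way to apply this workaround and confirm it took effect, as an added example that is not part of the original advisory. The default path is taken from the patch titles listed on this page and is an assumption about where ufsrestore is installed on your system; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit and clear the setuid bit on ufsrestore.
# Usage (as root): sh harden_ufsrestore.sh /usr/lib/fs/ufs/ufsrestore
# The path above comes from the patch titles on this page; verify it locally.

# has_setuid FILE: succeeds only if FILE is a regular file with the setuid bit set.
has_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# harden_setuid FILE: clear the setuid bit and verify the result.
# Return codes: 0 = bit is clear (already, or after the change)
#               1 = FILE does not exist or is not a regular file
#               2 = chmod failed or the bit is still set afterwards
harden_setuid() {
    target=$1
    if [ ! -f "$target" ]; then
        echo "not found: $target" >&2
        return 1
    fi
    if ! has_setuid "$target"; then
        echo "setuid already clear: $target"
        return 0
    fi
    ls -l "$target"                  # record owner and mode before the change
    chmod u-s "$target" || return 2
    if has_setuid "$target"; then
        echo "setuid still set: $target" >&2
        return 2
    fi
    echo "setuid removed: $target"
    ls -l "$target"                  # record the mode after the change
}

# Act only when a path is given, so sourcing the file defines the functions
# without touching anything.
if [ "$#" -gt 0 ]; then
    harden_setuid "$1"
fi
```

Re-run the check after applying vendor patches, since a patch may reinstall the binary with its original mode.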
36866
Notified: March 17, 2001 Updated: November 19, 2001
Affected
This issue has been addressed by the following patchIDs:
103261-08 SunOS 5.5: ufsdump & ufsrestore patch
103262-08 SunOS 5.5_x86: ufsdump & ufsrestore patch
103640-35 SunOS 5.5.1: kernel, nisopaccess, & libthread patch
103641-35 SunOS 5.5.1_x86: kernel, nisopaccess, & libthread patch
105722-07 SunOS 5.6: /usr/lib/fs/ufs/ufsdump and ufsrestore patch
105723-07 SunOS 5.6_x86: /usr/lib/fs/ufs/ufsdump and ufsrestore patch
106793-07 SunOS 5.7: ufsdump and ufsrestore patch
106794-07 SunOS 5.7_x86: ufsdump and ufsrestore patch
109091-04 SunOS 5.8: /usr/lib/fs/ufs/ufsrestore patch
110387-03 SunOS 5.8: ufssnapshots support, ufsdump patch
109092-04 SunOS 5.8_x86: /usr/lib/fs/ufs/ufsrestore patch
110402-02 SunOS 5.8_x86: ufsdump patch
The vendor has not provided us with any further information regarding this vulnerability.
Sun security bulletin #210 describes this vulnerability and the patches to correct it.
Thanks to Job de Haas of ITSX BV Amsterdam, The Netherlands (http://www.itsx.com) for reporting this vulnerability to the CERT/CC.
This document was written by Cory F Cohen.
CVE IDs: | CVE-2000-0471 |
---|---|
Severity Metric: | 16.71 |
Date Public: | |