Kbase P17166: Can exploit buffer overflow via BINPATHX env variable
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
6/23/2003 |
|
Status: Unverified
SYMPTOM(s):
Can exploit BINPATHX environment variable
Could write malicious code onto the stack where it could be executed
CAUSE:
Bug# 20021204-047
CAUSE:
Variable was being passed to the stack without length validation
FIX:
We changed the way the BINPATHX variable is being written to the stack. Attempts to exploit this variable may still result in a fatal signal being sent and the process crashing. However any CPU instructions embedded in this variable will not be executed due to the change in our handling of this variable.
Fixed in 9.1D05 service pack.