Kbase P18060: Can exploit buffer overflow via DLC env variable
Author: Progress Software Corporation - Progress
Access: Public
Published: 21/09/2010
Status: Verified
SYMPTOM(s):
Can exploit DLC environment variable
Affects all executables that have the setuid bit enabled
Could write malicious code onto the stack where it could be executed
FACT(s) (Environment):
UNIX
Progress 9.1D
Progress 9.1D 64-bit
CAUSE:
Bug# OE00084406
CAUSE:
The variable was being passed to the stack with minimal validation.
FIX:
We changed the way the DLC variable is validated. Attempts to exploit this variable now result in termination of the process without possible recovery.
Fixed in 9.1D05 service pack.
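
The kind of check described in the FIX, as an added example that is not Progress code. It validates an environment value before it reaches a fixed-size stack buffer and terminates the process when the check fails. The buffer size, the function name dlc_copy, and the absolute-path and printable-character rules are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DLC_MAX 256   /* assumed buffer size, not the product's real value */

/* Unsafe pattern of the kind the CAUSE describes: the value goes into a
 * fixed-size stack buffer with no length check.
 *     char dlc[DLC_MAX];
 *     strcpy(dlc, getenv("DLC"));
 */

/* Validate value and copy it into dst (dstsize bytes, including the NUL).
 * Returns 0 on success, -1 if the value must be rejected. */
int dlc_copy(char *dst, size_t dstsize, const char *value)
{
    size_t len, i;

    if (dst == NULL || value == NULL || dstsize == 0)
        return -1;
    /* Bounded length scan: never read more than dstsize bytes. */
    for (len = 0; len < dstsize && value[len] != '\0'; len++)
        ;
    if (len == 0 || len == dstsize)      /* empty, or would not fit */
        return -1;
    if (value[0] != '/')                 /* assumed rule: absolute path */
        return -1;
    for (i = 0; i < len; i++) {          /* assumed rule: printable ASCII */
        unsigned char c = (unsigned char)value[i];
        if (c < 0x20 || c > 0x7e)
            return -1;
    }
    memcpy(dst, value, len + 1);         /* len + 1 <= dstsize is proven */
    return 0;
}

int main(void)
{
    char dlc[DLC_MAX];

    /* A setuid program inherits its environment from the caller, so a
     * rejected value ends the process instead of being repaired. */
    if (dlc_copy(dlc, sizeof dlc, getenv("DLC")) != 0) {
        fputs("invalid DLC environment variable\n", stderr);
        abort();
    }
    printf("DLC=%s\n", dlc);
    return 0;
}
```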