BSD 4.2/4.3 passwd Shell passwd.c buffer overflow


A vulnerability classified as critical was found in BSD 4.2/4.3. An unknown function in the file passwd.c of the component passwd Shell Handler is affected by this vulnerability. Applying a patch eliminates the problem. The patch can be downloaded from cert.org. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 2014-06-16 15:19 | 2019-05-07 10:48 |
| --- | --- | --- |
| name | BSD | BSD |
| version | 4.2/4.3 | 4.2/4.3 |
| component | passwd Shell Handler | passwd Shell Handler |
| file | passwd.c | passwd.c |
| affectedlist | BSD Windriver BSDOS | BSD Windriver BSDOS |
| risk | 2 | 2 |
| historic | 0 | 0 |
| cvss2_vuldb_basescore | 6.6 | 6.6 |
| cvss2_vuldb_tempscore | 5.7 | 5.7 |
| cvss2_vuldb_av | L | L |
| cvss2_vuldb_ac | M | M |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_ci | C | C |
| cvss2_vuldb_ii | C | C |
| cvss2_vuldb_ai | C | C |
| cvss2_nvd_av | L | L |
| cvss2_nvd_ac | L | L |
| cvss2_nvd_au | N | N |
| cvss2_nvd_ci | C | C |
| cvss2_nvd_ii | C | C |
| cvss2_nvd_ai | C | C |
| cvss3_meta_basescore | 8.8 | 8.8 |
| cvss3_meta_tempscore | 8.4 | 8.4 |
| cvss3_vuldb_basescore | 8.8 | 8.8 |
| cvss3_vuldb_tempscore | 8.4 | 8.4 |
| cvss3_vuldb_av | L | L |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | C | C |
| cvss3_vuldb_c | H | H |
| cvss3_vuldb_i | H | H |
| cvss3_vuldb_a | H | H |
| date | 598665600 (1988-12-21) | 598665600 (1988-12-21) |
| location | CERT.org | CERT.org |
| type | Advisory | Advisory |
| url | http://www.cert.org/advisories/CA-1989-01.html | http://www.cert.org/advisories/CA-1989-01.html |
| identifier | CA-1989-01 | CA-1989-01 |
| disputed | 0 | 0 |
| price_0day | $0-$5k | $0-$5k |
| name | Patch | Patch |
| date | 598665600 (1988-12-21) | 598665600 (1988-12-21) |
| patch_url | http://www.cert.org/historical/advisories/CA-1989-01.cfm | http://www.cert.org/historical/advisories/CA-1989-01.cfm |
| cve | CVE-1999-1471 | CVE-1999-1471 |
| cve_nvd_published | 599616000 | 599616000 |
| cve_nvd_summary | buffer overflow in passwd in bsd based operating systems 4.3 and earlier allows local users to gain root privileges by specifying a long shell or gecos field. | buffer overflow in passwd in bsd based operating systems 4.3 and earlier allows local users to gain root privileges by specifying a long shell or gecos field. |
| osvdb | 5849 | 5849 |
| osvdb_title | BSD passwd Multiple Field Local Overflow | BSD passwd Multiple Field Local Overflow |
| securityfocus | 4 | 4 |
| securityfocus_date | 598665600 (1988-12-21) | 598665600 (1988-12-21) |
| securityfocus_class | Boundary Condition Error | Boundary Condition Error |
| securityfocus_title | BSD passwd buffer overflow Vulnerability | BSD passwd buffer overflow Vulnerability |
| xforce | 7152 | 7152 |
| xforce_identifier | bsd-passwd-bo | bsd-passwd-bo |
| cwe | 119 (buffer overflow) | 119 (buffer overflow) |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_rc | C | C |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |

person_name: Keith Bostic
osvdb_create: 1081464463
