6602 : Multiple BSD libc realpath() Off-by-one Overflow
Printer | http://osvdb.org/6602 | Email This | Edit Vulnerability

Views This Week
6

Views All Time
257

Info

Last Modified
10 months ago

Percent Complete
100%

Disclosure
Jul 31, 2003

Discovery
Unknown

Dates

Exploit
Aug 14, 2003

Solution
Unknown

Description

 A local overflow exists in BSD-derived libc libraries. The realpath() function fails to validate user input resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

 Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Rumored / Private
Disclosure: OSVDB Verified

Technical

 wu-ftpd implements a function derived from the libc realpath(), called fb_realpath(). A vulnerability was discovered in this function, and an advisory for wu-ftpd was released on July 31, 2003. The discovery of the wu-ftpd bug in fb_realpath() caused the BSD's to take a look at their libc implementations of realpath(), and they found that the error still exists in their implementations, and affected any program which called realpath(). While this vulnerability exists in separate implementations for wu-ftpd and the BSD libc, both inherit the vulnerability from the 4.4BSD codebase.

Solution

 Each vendor maintains its own implementation of realpath(), and each has released a patch or upgrade to address the issue. Please refer to the specific vendor advisory for more information.

Products
Apple Computer, Inc.
Watch-list
Mac OS X
Watch-list
 10.0.x
10.1.x
10.2
10.2.1
10.2.2
10.2.3
10.2.4
10.2.5
10.2.6
FreeBSD Project
Watch-list
FreeBSD
Watch-list
 5.0
4.3
4.4
4.5
4.6
4.7
4.8
3
NetBSD Foundation, Inc.
Watch-list
NetBSD
Watch-list
 1.5
1.6
OpenBSD
Watch-list
OpenBSD
Watch-list
 3.0
3.1
3.2
3.3
2.x

References

Tools & Filters

Nessus

 11811 12413 13555 13605 13801 15194

Snort

 2389 2390 2391

Credit
  • Wojciech Purczynski - cliphBrand New Doo Dooisec.pl - isec.pl
  • Janusz Niewiadomski - funkyshBrand New Doo Dooisec.pl - Isec

Blogs

Provided by Technorati

 None found at this time

Comments

Add Comment

No Comments.

DONATE NOW!

User Status

Quick Searches

Advertisements

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2008 Open Source Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use