Info

Disclosure

Jun 27, 1997

Discovery

Unknown

Dates

Exploit

Jun 27, 1997

Solution

Unknown

Description

A local overflow exists in SVGAlib/zgv. The product fails to verify the length of the HOME environment variable, resulting in a buffer overflow. By setting this variable to an overly long value, arbitrary code can be executed as root, resulting in a loss of availability.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to SVGAlib version 1.2.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

SVGAlib.org	SVGAlib	1.2.10
SVGAlib.org	zgb	2.7

References

CVE ID: 1999-1483 (see also: NVD)
ISS X-Force ID: 3412
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1997_2/0521.html

Credit

KSR[T] - ksrtdec.net -

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

SVGAlib.org

SVGAlib

zgb

References

Credit