FreeBSD Security Advisory - catopen() may pose security risk for third party code. The catopen() function did not correctly bounds-check an internal buffer which could be indirectly overflowed by the setting of an environment variable. A privileged application which uses catopen() could be made to execute arbitrary code by an unprivileged local user. The catopen() and setlocale() functions could be made to use an arbitrary file as the source for localized data and message catalogs, instead of one of the system files. An attacker could create a file which is a valid locale file or message catalog but which contains special formatting characters which may allow certain badly written privileged applications to be exploited and execute arbitrary code as the privileged user. Patches are available.
7cb98675a822bc8edd2fd3f6bd3b7b4a6cf3569063738705e6b569c0c74c79bf
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed