[24022] in bugtraq
Re: [VulnWatch] sastcpd Buffer Overflow and Format String Vulnerabilities
daemon@ATHENA.MIT.EDU (William D. Colburn (aka Schlake))
Tue Jan 29 13:07:48 2002
Date: Tue, 29 Jan 2002 10:54:57 -0700
From: "William D. Colburn (aka Schlake)" <wcolburn@nmt.edu>
To: Wodahs Latigid <wodahs@mail.com>
Cc: bugtraq@securityfocus.com, vulnwatch@vulnwatch.org
Message-ID: <20020129105457.A30317@nmt.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020129095941.28776.qmail@mail.com>; from wodahs@mail.com on Tue, Jan 29, 2002 at 09:59:41AM +0000
I installed SAS without any suid bits May of 2000, and no one has
complained about anything not working. Removing the suid bit probably
won't hurt anything.
Also, my version is 8.00 and seems only to have the format string
problem, not the buffer overflow.
On Tue, Jan 29, 2002 at 09:59:41AM +0000, Wodahs Latigid wrote:
> IMPACT
>
> sastcpd is installed setuid root by default, and therefore
> full root privileges can be obtained through exploitation
> of either of these vulnerabilities.
> Version tested:
> SAS Job Spawner for Open Systems version 8.01
--
William Colburn, "Sysprog" <wcolburn@nmt.edu>
Computer Center, New Mexico Institute of Mining and Technology
http://www.nmt.edu/tcc/ http://www.nmt.edu/~wcolburn
