Title: DG/UX lpsched Long Error Message Buffer Overflow Vulnerability
Severity: MODERATE
Description:
DGUX is the UNIX Operating System of Data General. It is designed as a solution for intel systems produced by Data General.
A vulnerability has been discovered in the error message handling code of lpsched, and can result in a buffer overflow.
Upon receiving a long request from the user for a system that does not exist, the lpsched program attempts to return an error message to the user. Upon attempting to print the error message to stdout, a buffer overflow occurs.
The overflow occurs in the error handling portion of the program. Upon failure to print to the non-existing system bearing an extremely long name, an attempt to print an error message to stdout with the name of the system fails, ending in a segmentation fault. The failure is due to an overflow of the buffer containing the system name, when the attempt to print the error to stdout is made.
Affected Products:
- Data General DG/UX 4.20.0MU02
- Data General DG/UX 4.20.0MU06
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
