Title: Solaris PTExec Buffer Overflow Vulnerability
Severity: HIGH
Description:
SunVTS is the Sun Validation Test Suite, distributed and maintained by Sun Microsystems. The SunVTS is used to test various components of OEM Sun hardware, and can also be used to stress-test components and sub-components.
A problem in the package makes it possible for a local user to gain elevated privileges. A local user exploiting this problem can execute code arbitrarily as root, thus gaining complete administrative access on an affected system. The problem is within the -o option of the ptexec program.
Input is not sufficiently validated by the ptexec program when executed with the -o option. By passing a string of 400 characters with the -o argument when executing the ptexec command, it's possible to create a buffer overflow, overwriting process memory and stack variables, including the return address. As the ptexec program is SUID root, a local user may take advantage of this buffer overflow to execute arbitrary code, and gain a root shell.
ptexec is contained in the SUNWvts package, which is not part of the standard Solaris install. The SUNWvts package can be queried for using the following command:
pkginfo |grep SUNWvts
Affected Products:
- Sun SunVTS 4.0.0
- Sun SunVTS 4.1.0
- Sun SunVTS 4.2.0
- Sun SunVTS 4.3.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
