J-Security Center

Title: Top Home Environment Variable Local Buffer Overflow Vulnerability

Severity: MODERATE

Description:

top is a freely available, open source process monitoring utility. It is available for various Unix and Linux platforms.

A buffer overflow condition has been reported in top when handling environment variables of excessive length. An attacker may be able to exploit it to execute arbitrary code.

The problem lies in bounds checking on the HOME environment variable: top does not properly handle a HOME value of excessive length. By placing a string of excessive length (1100 bytes) in this environment variable, an attacker may be able to corrupt sensitive process memory, and potentially execute arbitrary code with the privileges of the top program.

It should be noted that top is typically installed with the setuid root bit set.

Additionally, although top versions up to and including 2.0.11 have been reported vulnerable, other versions might also be vulnerable.
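The missing bounds check described above, as an added example that is not code from top or from this advisory: a fixed-size path buffer filled from HOME with no length check, beside a form that rejects any value that does not fit. The 1024-byte buffer, the .examplerc file name and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RC_NAME  "/.examplerc"  /* hypothetical file name, not taken from top */
#define PATH_BUF 1024           /* assumed fixed buffer size */

/* Unsafe pattern, shown for contrast and never called here: no length
 * check, so a HOME longer than the buffer writes past its end. */
void build_rc_path_unsafe(const char *home, char *out)
{
    strcpy(out, home);
    strcat(out, RC_NAME);
}

/* Hardened form: returns 0 on success, -1 if HOME is missing, empty,
 * or would not fit. Truncation is treated as rejection, not success. */
int build_rc_path(const char *home, char *out, size_t outlen)
{
    if (home == NULL || home[0] == '\0' || out == NULL || outlen == 0)
        return -1;
    int n = snprintf(out, outlen, "%s%s", home, RC_NAME);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Feeds a constructed HOME of `len` bytes to build_rc_path.
 * Returns 1 if accepted, 0 if rejected, -1 on allocation failure. */
int accepts_home_of_length(size_t len)
{
    char path[PATH_BUF];
    char *home = malloc(len + 1);
    if (home == NULL)
        return -1;
    memset(home, 'A', len);
    home[len] = '\0';
    int rc = build_rc_path(home, path, sizeof path);
    free(home);
    return rc == 0;
}

int main(void)
{
    printf("1100-byte HOME accepted: %d\n", accepts_home_of_length(1100));
    return 0;
}
```

With the assumed 1024-byte buffer, a HOME value of the 1100-byte length cited in the advisory is rejected rather than copied.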

Affected Products:

  • William LeFebvre top 1.0.0
  • William LeFebvre top 1.2.0
  • William LeFebvre top 1.3.0
  • William LeFebvre top 1.4.0
  • William LeFebvre top 1.5.0
  • William LeFebvre top 1.6.0
  • William LeFebvre top 1.7.0
  • William LeFebvre top 1.8.0
  • William LeFebvre top 2.0.0
  • William LeFebvre top 2.0.0pre
  • William LeFebvre top 2.0.11
