Solaris 2.7 x86's sacadm has a buffer overflow in the processing of command line arguments. Perl code to test for the bug included.
3a600355f3aad555bb91e5d3bf28689c25c62071e1846b2ddf751c180bc9efd9
-rwsr-xr-x 1 root sys 23004 14 06:12 /usr/sbin/sacadm
The problem like this :
main()
{
char buff[512];
. . . .
getopt(". . f:. . ");
. . . .
case 'f':
{
. . . .
sprintf(buff," .. -f %s . . . ", optarg);
}
. . . .
}
Test : sacadm -f `perl -e 'print "A"x6000'`
Thanks warning3@nsfocus.com for talk about this problem.
Advice: chmod u-s sacadm
It is hard to exploit for other options check.
Sorry for my poor english.
watercloud
----------
safesuite@263.net
watercloud@xfocus.org