Cipher

Application: fssdispadmin / Opensolaris
Vendors: http://www.opensolaris.org
Date: 4 Jan 2007

Product

fssdispadmin - process scheduler administration

The dispadmin command displays or changes process scheduler parameters while the system is running. FSSdispadmin is for the fair-share class. The fair share scheduler (FSS) guarantees application per- formance by explicitly allocating shares of CPU resources to projects.

Bug

There is a buffer overflow vulnerability in fssdispadmin at line 70
CODE : (void) strcpy(cmdpath, argv[0]);
BUG : if argv[0] larger than 256 chars a BOF condidition will occure

This bug has been reported to opensolaris team.

*Demonstration bug for Bugle

Posted on Thursday, January 4th, 2007 at 10:19 pm in Advisories | rss feed for comments| Responses are currently closed, but you can trackback from your own site.