Fssdispadmin Buffer Overflow
January 4th, 2007
Application: fssdispadmin / Opensolaris
Vendors: http://www.opensolaris.org
Date: 4 Jan 2007
Product
fssdispadmin - process scheduler administration
The dispadmin command displays or changes process scheduler parameters while the system is running. FSSdispadmin is for the fair-share class. The fair share scheduler (FSS) guarantees application performance by explicitly allocating shares of CPU resources to projects.
Bug
There is a buffer overflow vulnerability in fssdispadmin at line 70
CODE : (void) strcpy(cmdpath, argv[0]);
BUG : if argv[0] is larger than 256 chars, a BOF condition will occur
This bug has been reported to the OpenSolaris team.
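As an added illustration (not code from the advisory or from OpenSolaris), here is a bounded replacement for the strcpy call above that rejects an over-long argv[0] instead of overflowing or silently truncating. The 256-byte buffer size is assumed from the advisory's figure; copy_cmdpath and CMDPATH_SIZE are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define CMDPATH_SIZE 256  /* assumed from the "256 chars" figure above */

/*
 * Hypothetical helper: copy src into dst (capacity dstsz bytes) only if
 * it fits together with its terminating NUL. Returns 0 on success and
 * -1 on a NULL argument or an over-long source; dst is left as an empty
 * string on failure so callers never see a truncated path.
 */
static int copy_cmdpath(char *dst, size_t dstsz, const char *src)
{
    size_t len;

    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;

    len = strlen(src);
    if (len >= dstsz)           /* no room for the NUL terminator */
        return -1;

    memcpy(dst, src, len + 1);  /* length already checked, copies NUL */
    return 0;
}

int main(int argc, char **argv)
{
    char cmdpath[CMDPATH_SIZE];

    /* Pattern from the advisory: (void) strcpy(cmdpath, argv[0]); */
    if (argc < 1 || copy_cmdpath(cmdpath, sizeof (cmdpath), argv[0]) != 0) {
        (void) fprintf(stderr, "command path missing or too long\n");
        return 1;
    }
    (void) printf("cmdpath: %s\n", cmdpath);
    return 0;
}
```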
*Demonstration bug for Bugle