VULHUB ™

AutoNice Daemon (AND) is a freely available, open source software package designed to limit the activity of system processes. It provides features such as killing a process that has exceeded specific memory or processor resources. AND is vulnerable to a format string bug in process names. A process named with format strings will allow the execution of arbitrary code when AND attempts to kill it. This could allow a local user to write to arbitrary sections of process memory, including the return address, and execute code as root.

AutoNice Daemon (AND) is a freely available, open source software package designed to limit the activity of system processes. It provides features such as killing a process that has exceeded specific memory or processor resources. AND is vulnerable to a format string bug in process names. A process named with format strings will allow the execution of arbitrary code when AND attempts to kill it. This could allow a local user to write to arbitrary sections of process memory, including the return address, and execute code as root.