VULHUB ™

ClearCase is a commercially available software change management package. It is maintained and distributed by Rational. A problem with the package could lead to a local user gaining elevated privileges. The problem is in the handling of environment variables by db_loader. db_loader does not correctly handle input from a user's TERM environment variable, making it possible for a local user to execute arbitrary code when 550 bytes of data is placed in TERM. Since the db_loader program is setuid root, this problem can result in a local user gaining administrative access on a vulnerable system.

ClearCase is a commercially available software change management package. It is maintained and distributed by Rational. A problem with the package could lead to a local user gaining elevated privileges. The problem is in the handling of environment variables by db_loader. db_loader does not correctly handle input from a user's TERM environment variable, making it possible for a local user to execute arbitrary code when 550 bytes of data is placed in TERM. Since the db_loader program is setuid root, this problem can result in a local user gaining administrative access on a vulnerable system.