VULHUB ™

UUCP allows the copying of files between different UNIX systems and for sending commands for execution on a remote system. uuxqt is a utility within the uucp system which handles execution of remote command requests. By supplying an excessively long string as an argument to uuxqt on the command line, it is possible for a local attacker to overflow the program's input buffer. As a result of this overflow, excess data copied onto the stack can overwrite critical parts of the stack frame such as the calling function's return address. Since this data is supplied by the user it can be crafted to alter the program's flow of execution. Properly exploited, this could grant the attacker an elevation of privileges.

UUCP allows the copying of files between different UNIX systems and for sending commands for execution on a remote system. uuxqt is a utility within the uucp system which handles execution of remote command requests. By supplying an excessively long string as an argument to uuxqt on the command line, it is possible for a local attacker to overflow the program's input buffer. As a result of this overflow, excess data copied onto the stack can overwrite critical parts of the stack frame such as the calling function's return address. Since this data is supplied by the user it can be crafted to alter the program's flow of execution. Properly exploited, this could grant the attacker an elevation of privileges.