Multiple stack-based buffer overflows in Symark PowerBroker 2.8 through 5.0.1 allow local users to gain privileges via a long argv[0] string when executing (1) pbrun, (2) pbsh, or (3) pbksh. NOTE: the product is often installed in environments with trust relationships that facilitate subsequent remote compromises.
Software | From | Fixed in |
---|---|---|
symark / powerbroker | 2.8 | 2.8.x |
symark / powerbroker | 3.0 | 3.0.x |
symark / powerbroker | 3.2 | 3.2.x |
symark / powerbroker | 3.5 | 3.5.x |
symark / powerbroker | 4.0 | 4.0.x |
symark / powerbroker | 5.0 | 5.0.x |
symark / powerbroker | 5.01 | 5.01.x |