[原文]Buffer overflow in setiathome for SETI@home 3.03, if installed setuid, could allow local users to execute arbitrary code via long command line options (1) socks_server, (2) socks_user, and (3) socks_passwd. NOTE: since the default configuration of setiathome is not setuid, perhaps this issue should not be included in CVE.
A local overflow exists in SETI@home. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long string to the 'socks_server', 'socks_user' and/or 'socks_passwd' command line options, a malicious user can cause arbitrary code execution resulting in a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.