[原文]Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument.
This vulnerability was originally announced by Wodahs Latigid <firstname.lastname@example.org> in a Ministry-of-Peace on January 29, 2002.
SAS Base 8.1
SAS Base 8.0
SAS Base 8.2
SAS Base 8.2
sastcpd is a "Job Spawner" included with the base installation of the SAS Software infrastructure. It is available for various platforms. This issue affects systems running the Unix, Linux, and Microsoft operating systems.
A problem has been discovered in the sastcpd program. sastcpd is a job spawning program included with the SAS Base product. By default, it is installed setuid root. sastcpd is vulnerable to a format string attack. When executed with a command line argument of a format string, it is possible to overwrite arbitrary addresses in memory. This can result in the execution of arbitrary code. As the sastcpd program is installed setuid root, the code will be executed with administrative privileges.
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: email@example.com <mailto:firstname.lastname@example.org>.