[Original] Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4 allows local users to gain root privileges via a long -path argument.
[CNNVD] Inktomi Traffic Server, Traffic Edge and Media-IXT privilege escalation vulnerability (CNNVD-200210-225)
A buffer overflow vulnerability exists in traffic_manager in Inktomi Traffic Server versions 4.0.18 through 5.2.2, Traffic Edge versions 1.1.2 and 1.5.0, and Media-IXT version 3.0.4. Local users can escalate to root privileges by means of an overly long -path argument.
source: http://www.securityfocus.com/bid/5098/info
Inktomi Traffic Server is a transparent web caching application. It is designed for use with Unix and Linux variants as well as Microsoft Windows operating environments.
A buffer overflow vulnerability has been reported in the Inktomi Traffic Server. The vulnerability occurs in the traffic_manager binary included with Inktomi Traffic Server.
Reportedly, executing traffic_manager with an excessively long command-line argument will cause the buffer overflow condition. As traffic_manager is a setuid root binary, it is possible for a remote attacker to obtain root, or superuser, privileges on a compromised system.
traffic_manager -path `perl -e 'print "A"x1720'`
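The class of fix for this kind of bug, as an added example that is not Inktomi's code (the traffic_manager source is not on this page): a setuid program should length-check a command-line value before copying it into a fixed buffer. The function name `parse_path_arg` and the `PATH_BUF` size are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define PATH_BUF 1024  /* assumed size; the real buffer size is not given on the page */

/* Unsafe pattern, shown for contrast only and never compiled here:
 *     char dir[PATH_BUF];
 *     strcpy(dir, argv[i + 1]);    // no bound on the attacker-chosen length
 */

/* Hardened form: copy the value of "-path" into dst only if it fits.
 * Returns 0 on success, 1 if "-path" is absent (dst left empty), and -1
 * with errno set when the value is missing (EINVAL) or would not fit,
 * terminator included (ENAMETOOLONG). dst is never partially filled. */
int parse_path_arg(int argc, char *const argv[], char *dst, size_t dstlen)
{
    if (dst == NULL || dstlen == 0) { errno = EINVAL; return -1; }
    dst[0] = '\0';
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-path") != 0)
            continue;
        if (i + 1 >= argc) { errno = EINVAL; return -1; }
        const char *val = argv[i + 1];
        size_t n = 0;
        while (n < dstlen && val[n] != '\0')   /* bounded length scan */
            n++;
        if (n == dstlen) { errno = ENAMETOOLONG; return -1; }
        memcpy(dst, val, n + 1);               /* n + 1 includes the NUL */
        return 0;
    }
    return 1;
}

int main(int argc, char *argv[])
{
    char dir[PATH_BUF];
    int rc = parse_path_arg(argc, argv, dir, sizeof dir);
    if (rc < 0) {
        perror("example: -path");
        return 1;
    }
    printf("path: %s\n", rc == 0 ? dir : "(default)");
    return 0;
}
```

With this check, the 1720-byte argument described above is rejected with ENAMETOOLONG instead of being copied.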