CVE-2005-3566 Information

Description

Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent (2) haalert (3) haattr (4) hacli (5) hacli_runcmd (6) haclus (7) haconf (8) hadebug (9) hagrp (10) hahb (11) halog (12) hareg (13) hares (14) hastatus (15) hasys (16) hatype (17) hauser and (18) tststew.

Reference

http://marc.info/?l=bugtraq&m=113199516516880&w=2 http://osvdb.org/20673 http://secunia.com/advisories/17502 http://securityreason.com/securityalert/174 http://securityresponse.symantec.com/avcenter/security/Content/2005.11.08a.html http://securitytracker.com/id?1015169 http://www.securityfocus.com/bid/15349 http://www.vupen.com/english/advisories/2005/2350 https://exchange.xforce.ibmcloud.com/vulnerabilities/22986