Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SAS SASTCPD本地命令行格式串漏洞
Vulnerability Description
SAS Software提供了数据分析、报告生成、企业级信息传递的工具和解决方案,软件有Unix、Linux及Windows下的版本。sastcpd是SAS Software软件架构中的任务生成程序。 sastcpd程序存在输入验证漏洞,可以使本地攻击者通过溢出攻击得到主机的管理员权限。 当sastcpd处理格式串命令行参数时存在问题,导致堆栈变量重写执行攻击者指定的任意指令。因为sastcpd一般是以suid root安装的,指令将以root的身份被执行。
CVSS Information
N/A
Vulnerability Type
N/A