Local Privilege Escalation in Solaris 8 and Solaris 9 via Buffer Overflow in passwd(1)

While remote compromises are preferred by attackers and most feared by defenders, local privilege escalation can be equally as dangerous and even harder to uncover. A buffer overflow in the passwd program used in Sun Microsystems' Solaris 8 and Solaris 9 Operating Environments can be silently...
Shaun McAdams
May 5, 2005

All papers are copyrighted. No re-posting of papers is permitted