Originally Published: Friday, 15 October 1999 Author: Quentin Cregan
Published to: news_enhance_security/Security News Page: 1/1 - [Printable]

OpenLink 3.2 Advisory

A serious security hole has been found in the web configuration utility that comes with OpenLink 3.2. This hole will allow remote users to execute arbitrary code as the user id under which the web configurator is run (inherited from the request broker, oplrqb). The hole is a run-of-the-mill buffer overflow, due to lack of parameter checking when strcpy() is used.