<date>
12/2000

<title>
/usr/sbin/landiag

<os>
HP-UX 10.20

<info>
There exists a buffer overflow vulnerability in the lanadmin program in the
way the TERM environment variable is handled. The vulnerability is caused by
improper handling of the TERM environment variable in the setupterm() function:
it copies this variable into a stack buffer with the strcpy function, without
any size checking. This bug can be triggered by invoking the lanadmin program
with the TERM environment variable set to a long string. When appropriately
exploited, it can lead to a local root compromise on a vulnerable system.
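
Added example (not HP's code and not part of the original entry): a checked
copy of TERM that a privileged program can apply before any terminal setup,
rejecting overlong or malformed values instead of truncating them. The names
term_copy_checked and effective_term and the 64-byte TERM_MAX limit are
assumptions made for this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TERM_MAX 64  /* assumed buffer size for this example */

/* Pattern described in the advisory, shown for contrast only:
 *     char name[TERM_MAX];
 *     strcpy(name, getenv("TERM"));    // no length check on TERM
 */

/* Copy term into dst only if it fits (including the terminator) and uses
 * the characters terminal names are normally built from.
 * Returns 0 on success, -1 on rejection; dst is left empty on rejection. */
int term_copy_checked(char *dst, size_t dstlen, const char *term)
{
    size_t n;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (term == NULL)
        return -1;
    for (n = 0; term[n] != '\0'; n++) {
        unsigned char c = (unsigned char)term[n];
        if (n + 1 >= dstlen)             /* would not fit: reject, never truncate */
            return -1;
        if (!(isalnum(c) || c == '-' || c == '_' || c == '+' || c == '.'))
            return -1;                   /* also blocks '/' and control bytes */
    }
    if (n == 0)
        return -1;                       /* empty TERM */
    memcpy(dst, term, n + 1);            /* n + 1 <= dstlen is guaranteed here */
    return 0;
}

/* Value a setuid program should actually use: the validated TERM,
 * or the minimal "dumb" terminal type when validation fails. */
const char *effective_term(char *buf, size_t buflen, const char *env_term)
{
    return term_copy_checked(buf, buflen, env_term) == 0 ? buf : "dumb";
}

int main(void)
{
    char buf[TERM_MAX];
    printf("%s\n", effective_term(buf, sizeof buf, getenv("TERM")));
    return 0;
}
```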

<link>
HP/hp_landiag.c

<file>
HP/hp_landiag.c

