<date>
08/2002

<title>
/usr/sbin/swconfig

<os>
HP-UX 10.20

<info>
A vulnerability in the swconfig program allows the execution of arbitrary
commands with root user privileges. The vulnerability is caused by improper
handling of the LANG environment variable: its value is first obtained with
the getenv() function and then copied, without any size checking, into a
stack buffer with the strcat() function. The bug can be triggered by invoking
swconfig with the LANG environment variable set to a long string. When
appropriately exploited, it can lead to a local root compromise on
a vulnerable system.
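
The unchecked getenv()/strcat() pattern described above, next to a bounded
replacement. This is an added example, not swconfig source: the buffer size,
the path prefix and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAT_PATH_MAX 64   /* assumed size; swconfig's real buffer size is not on the page */

/* Pattern the advisory describes (for contrast only, never compiled):
 *     char buf[CAT_PATH_MAX];
 *     strcpy(buf, PREFIX);
 *     strcat(buf, getenv("LANG"));    <- length of LANG never checked
 */

static const char PREFIX[] = "/usr/lib/nls/";   /* hypothetical path prefix */
static const char ALLOWED[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_.@-";

/* Bounded replacement: returns 0 and fills out, or -1 if lang is rejected. */
int build_catalog_path(const char *lang, char *out, size_t outlen)
{
    size_t n;

    if (lang == NULL || out == NULL)
        return -1;
    n = strlen(lang);
    /* sizeof(PREFIX) counts the terminating NUL, so this is the full size needed */
    if (n == 0 || n > outlen || n + sizeof(PREFIX) > outlen)
        return -1;
    /* locale names are short plain tokens: no slashes, no leading dot */
    if (lang[0] == '.' || strspn(lang, ALLOWED) != n)
        return -1;
    memcpy(out, PREFIX, sizeof(PREFIX) - 1);
    memcpy(out + sizeof(PREFIX) - 1, lang, n + 1);   /* includes the NUL */
    return 0;
}

/* Reads LANG from the environment; falls back to "C" when it is unusable. */
int catalog_path_from_env(char *out, size_t outlen)
{
    if (build_catalog_path(getenv("LANG"), out, outlen) == 0)
        return 0;
    return build_catalog_path("C", out, outlen);
}

int main(void)
{
    char buf[CAT_PATH_MAX];
    if (catalog_path_from_env(buf, sizeof buf) == 0)
        printf("catalog path: %s\n", buf);
    return 0;
}
```

A set-uid program should treat every environment variable this way: check the
length against the destination and the content against an allow-list before
any copy.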

<link>
HP/hp_swconfig.c

<file>
HP/hp_swconfig.c

