Re: sastcpd Buffer Overflow and Format String Vulnerabilities

[elliptic <elliptic@localhost.localdomain>]

> "SAS software provides the foundation, tools, and
> solutions for data analysis, report generation,
> and enterprise-wide information delivery."
>
> The "SAS Job Spawner", sastcpd, contains both a buffer
> overflow and a format string vulnerability.
>
> SAS Support say that these problems were fixed in version
> 8.2 of this product, but we are unable to confirm as we
> do not have access to this version.

This problem appears to be addressed by the following product note:
http://www.sas.com/service/techsup/unotes/SN/004/004201.html

Some additional information Digital Shadow neglected to include:

sastcpd is part of the SAS/Base component.  Although I neither work for 
SAS, nor do I use their product on a regular basis, I'd assume this means 
the scope of exposure is broad.

Additionally, it appears that the objspawn program included with the 
SAS/Integration Technologies product is also vulnerable to these bugs.  
objspawn is also a setuid root executable by default.  See the above link 
for more information.

Cheers,
ellipse