CVE-2008-1056

Name of the Vulnerable Software and Affected Versions Symark PowerBroker versions 2.8 through 5.0.1

Description The issue allows local users to gain privileges via a long argv[0] string when executing commands such as pbrun, pbsh, or pbksh. This can be particularly problematic in environments with trust relationships, as it may facilitate subsequent remote compromises.

Recommendations For Symark PowerBroker versions 2.8 through 5.0.1, consider restricting the execution of pbrun, pbsh, and pbksh commands to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the length of the argv[0] string to prevent buffer overflows. At the moment, there is no information about a newer version that contains a fix for this vulnerability.