CVE-2008-1056

Symark PowerBroker 2.8-5.0.1 - Local Privilege Escalation via Long argv[0] String

Title source: llm
STIX 2.1

Description

Multiple stack-based buffer overflows in Symark PowerBroker 2.8 through 5.0.1 allow local users to gain privileges via a long argv[0] string when executing (1) pbrun, (2) pbsh, or (3) pbksh. NOTE: the product is often installed in environments with trust relationships that facilitate subsequent remote compromises.

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29111
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28015
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/40872

Scores

EPSS 0.0042
EPSS Percentile 33.9%

Details

CWE
CWE-119
Status published
Products (7)
symark/powerbroker 2.8
symark/powerbroker 3.0
symark/powerbroker 3.2
symark/powerbroker 3.5
symark/powerbroker 4.0
symark/powerbroker 5.0
symark/powerbroker 5.01
Published Feb 28, 2008
Tracked Since Feb 18, 2026