------------------------------------------------------------------------
BCSA 003
Badly Coded, Inc. Security Advisory                 September 29th, 2014
------------------------------------------------------------------------
BCSA-003: Filename-based buffer overflow in BCLPR 1.2

Affected versions: 1.2 and earlier
Fixed versions: 1.3 and later

A vulnerability has been found in BCLPR versions 1.2 and earlier that
could lead to local privilege escalation. Affected users are urged to
upgrade immediately.

BCLPR versions 1.2 and earlier contain a buffer overflow vulnerability
that occurs when constructing a pathname used to delete a spool file
after it is no longer needed. If either the printer name or the file
name is too large, the construction can overflow a stack buffer and
overwrite a return address or other critical information, leading to
local privilege escalation.

We would like to acknowledge a number of students from the University
of Minnesota's Computer Science and Engineering 5271 course who
reported both vulnerabilities. Version 1.3 of BCLPR contains a patch
to address this vulnerability; we suggest that affected users upgrade
at their earliest convenience.