Bugtraq mailing list archives
HP-UX B.10.01 vulnerability
From: aleph1 () underground org (Aleph One)
Date: Fri, 7 Jun 1996 11:15:51 -0700
As shipped, the HP-UX program /usr/contrib/bin/nettune is SETUID root. When SETUID root, nettune allows reconfiguration of ICMP, IP, and TCP kernel parameters by ANY user. The vulnerability can result in a denial of service. nettune can reset any of the following parameters: % nettune -l arp_killcomplete = 1200 default = 1200 min = 60 max = 3600 units = seconds arp_killincomplete = 600 default = 600 min = 30 max = 3600 units = seconds arp_unicast = 300 default = 300 min = 60 max = 3600 units = seconds arp_rebroadcast = 60 default = 60 min = 30 max = 3600 units = seconds icmp_mask_agent = 0 default = 0 min = 0 max = 1 ip_defaultttl = 255 default = 255 min = 0 max = 255 units = hops ip_forwarding = 0 default = 1 min = 0 max = 1 ip_intrqmax = 50 default = 50 min = 10 max = 1000 units = entries pmtu_defaulttime = 20 default = 20 min = 10 max = 32768 tcp_localsubnets = 1 default = 1 min = 0 max = 1 tcp_receive = 32768 default = 32768 min = 256 max = 262144 units = bytes tcp_send = 32768 default = 32768 min = 256 max = 262144 units = bytes tcp_defaultttl = 64 default = 64 min = 0 max = 255 units = hops tcp_keepstart = 7200 default = 7200 min = 5 max = 12000 units = seconds tcp_keepfreq = 75 default = 75 min = 5 max = 2000 units = seconds tcp_keepstop = 600 default = 600 min = 10 max = 4000 units = seconds tcp_maxretrans = 12 default = 12 min = 4 max = 12 tcp_urgent_data_ptr = 0 default = 0 min = 0 max = 1 udp_cksum = 1 default = 1 min = 0 max = 1 udp_defaultttl = 64 default = 64 min = 0 max = 255 units = hops udp_newbcastenable = 1 default = 1 min = 0 max = 1 udp_pmtu = 0 default = 0 min = 0 max = 1 tcp_pmtu = 1 default = 1 min = 0 max = 1 tcp_random_seq = 0 default = 0 min = 0 max = 2 %
Current thread:
- Re: Not so much a bug as a warning of new brute force attack, (continued)
- Re: Not so much a bug as a warning of new brute force attack Valdis.Kletnieks () vt edu (Jun 04)
- rexec brute bastard (Jun 04)
- Selecting Good Passwords mdr () vodka sse att com (Jun 04)
- brute force *Hobbit* (Jun 04)
- Re: brute force Christopher Klaus (Jun 04)
- Re: brute force Tom Fitzgerald (Jun 05)
- Re: brute force Alan Brown (Jun 06)
- Re: Linux rlogin hole with libc 5.x Alan Brown (Jun 06)
- Re: Linux rlogin hole with libc 5.x Pablo Idiaquez (Jun 06)
- help TaeJin Hong (Jun 07)
- HP-UX B.10.01 vulnerability Aleph One (Jun 07)
- Strange changes - any ideas? Fred Cohen (Jun 08)
- Re: Strange changes - any ideas? dsiebert () icaen uiowa edu (Jun 09)
- Re: Strange changes - any ideas? Andrew V. Kovalev (Jun 09)
- Digital Unix, daemons and the SIA authentication library. Paul C Leyland (Jun 10)
- Re: Strange changes - any ideas? Darren Reed (Jun 10)
- Vulnerability Database Christopher Klaus (Jun 10)
- Re: brute force Ze'ev Maor (Jun 04)
- Re: brute force simes () tcp co uk (Jun 04)