Bugtraq mailing list archives
buffer over in hp-ux 10.20 kernel
From: darrenr () CYBER COM AU (Darren Reed)
Date: Mon, 24 Mar 1997 11:33:59 +1100
This is from the latest HP bug reports (i.e. there is a patch)....does anyone know if this can be used to get root or crash the box?

Darren
Document ID:  PHKL_10406
Date Loaded:  970320
Title:  s800 10.24 (VVOS) kernel audit buffer overflow

Patch Name:  PHKL_10406

Patch Description:  s800 10.24 (VVOS) kernel audit buffer overflow

Creation Date:  97/03/13

Post Date:  97/03/19

Hardware Platforms - OS Releases:
    s800: 10.24

Products:  N/A

Filesets:
    VirtualVaultOS.VVOS-KRN

Automatic Reboot?:  Yes

Status:  General Release

Critical:  No

Path Name:  /hp-ux_patches/s800/10.X/PHKL_10406

Symptoms:
    PHKL_10406:
    The audit statistics available from auditcmd -c will show
    that the largest amount of audit buffer space used is greater
    than the configured limit.

Defect Description:
    PHKL_10406:
    Under heavy system load with auditing enabled, the kernel
    buffer used to hold audit records queued for delivery to the
    audit daemon can contain more audit data than the configured
    size for the audit buffer.

SR:  4701349381

Patch Files:
    /usr/conf/lib/libsec.a(sec_audit.o)
    /usr/conf/lib/libsec.a(audit_dev.o)

what(1) Output:
    /usr/conf/lib/libsec.a(audit_dev.o):
        kern/sec/audit_dev.c, sysaudit, vvos_davis, davis11
        $Date: 97/03/13 18:49:34 $ $Revision: 1.37 PATCH_10.24 (PHKL_10406) $
    /usr/conf/lib/libsec.a(sec_audit.o):
        kern/sec/sec_audit.c, sysaudit, vvos_davis, davis11
        $Date: 97/03/13 18:49:34 $ $Revision: 1.36 PATCH_10.24 (PHKL_10406) $

cksum(1) Output:
    3353318163 15680 /usr/conf/lib/libsec.a(audit_dev.o)
    3404447330 19952 /usr/conf/lib/libsec.a(sec_audit.o)

Patch Conflicts:  None

Patch Dependencies:  None

Hardware Dependencies:  None

Other Dependencies:  None

Supersedes:  None

Equivalent Patches:
    PHKL_10407:
    s700: 10.24

Patch Package Size:  90 Kbytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard
    SupportLine User Guide or your Hewlett-Packard support terms
    and conditions for precautions, scope of license,
    restrictions, and, limitation of liability and warranties,
    before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.

    2. Login as root.

    3. Copy the patch to the /tmp directory.

    4. Move to the /tmp directory and unshar the patch:

        cd /tmp
        sh PHKL_10406

    5a. For a standalone system, run swinstall to install the
        patch:

        swinstall -x autoreboot=true -x match_target=true \
            -s /tmp/PHKL_10406.depot

    5b. For a homogeneous NFS Diskless cluster run swcluster on the
        server to install the patch on the server and the clients:

        swcluster -i -b

        This will invoke swcluster in the interactive mode and
        force all clients to be shut down.

        WARNING: All cluster clients must be shut down prior to the
        patch installation. Installing the patch while the clients
        are booted is unsupported and can lead to serious problems.

        The swcluster command will invoke an swinstall session in
        which you must specify:

            alternate root path - default is /export/shared_root/OS_700
            source depot path   - /tmp/PHKL_10406.depot

        To complete the installation, select the patch by choosing
        "Actions -> Match What Target Has" and then
        "Actions -> Install" from the Menubar.

    5c. For a heterogeneous NFS Diskless cluster:

        - run swinstall on the server as in step 5a to install the
          patch on the cluster server.
        - run swcluster on the server as in step 5b to install the
          patch on the cluster clients.

    By default swinstall will archive the original software in
    /var/adm/sw/patch/PHKL_10406. If you do not wish to retain a
    copy of the original software, you can create an empty file
    named /var/adm/sw/patch/PATCH_NOSAVE.

    Warning: If this file exists when a patch is installed, the
    patch cannot be deinstalled. Please be careful when using
    this feature.

    It is recommended that you move the PHKL_10406.text file to
    /var/adm/sw/patch for future reference.

    To put this patch on a magnetic tape and install from the
    tape drive, use the command:

        dd if=/tmp/PHKL_10406.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions:  None
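
Added example (not part of the original post or of HP's patch notice): a POSIX sh check that compares files on disk with lines in the notice's "cksum(1) Output" format, reading library members such as libsec.a(audit_dev.o) with ar. The function names and the ROOT argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not HP's tooling. Input lines use the notice's format:
#   CRC SIZE PATH    or    CRC SIZE ARCHIVE(MEMBER)

# verify_cksum_line "CRC SIZE PATH" [ROOT]
# ROOT (hypothetical) is prepended to PATH, for checking a mounted or copied tree.
# Returns 0 on match, 1 on mismatch, 2 if the line or target is unusable.
verify_cksum_line() {
    line=$1 root=${2:-}
    set -f; set -- $line; set +f
    [ $# -eq 3 ] || return 2
    want_crc=$1 want_size=$2 target=$3
    case $want_crc$want_size in
        *[!0-9]*) return 2 ;;
    esac
    case $target in
        *"("*")")   # archive member such as libsec.a(audit_dev.o)
            archive=$root${target%%\(*}
            member=${target##*\(}; member=${member%\)}
            [ -r "$archive" ] || return 2
            ar -t "$archive" "$member" >/dev/null 2>&1 || return 2
            got=$(ar -p "$archive" "$member" | cksum)
            ;;
        *)
            [ -r "$root$target" ] || return 2
            got=$(cksum < "$root$target")
            ;;
    esac
    set -- $got
    [ "$1" = "$want_crc" ] && [ "$2" = "$want_size" ]
}

# verify_cksum_list [ROOT] < lines
# Prints one status per input line; returns 0 only if every line matched.
verify_cksum_list() {
    bad=0
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        rc=0; verify_cksum_line "$entry" "${1:-}" || rc=$?
        case $rc in
            0) echo "OK       $entry" ;;
            1) echo "MISMATCH $entry"; bad=1 ;;
            *) echo "UNUSABLE $entry"; bad=1 ;;
        esac
    done
    return $bad
}
```

Feed verify_cksum_list the two lines from the notice's cksum(1) Output section after swinstall completes; a MISMATCH means that member of libsec.a is not the object the notice lists.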