Bugtraq mailing list archives
HPUX disable buffer overflow vulnerability
From: "Davide Del Vecchio" <dante () alighieri org>
Date: Thu, 13 Feb 2003 15:51:04 +0100
======================================================= HPUX disable buffer overflow vulnerability======================================================= Davide Del Vecchio Adv#4
Date: 13/02/2003Tested on HP-UX B.11.00 Description:
The enable command activates the named printers, enabling them to print requests taken by lp. The "-r" option Associate a reason with the deactivation of the printer. The "-c" option cancel anyrequests that are currently printing on any of the designated printers.
$ ls -al `which disable`-r-sr-xr-x 1 lp bin 28672 Jun 15 1998 /usr/bin/disable Using disable with or without '-r', '-c' with a long option string:
$ disable -r `perl -e 'printf "A" x 9777'`Memory fault Solution:
HP has been contacted, hope it will release soon a patch. I sent an e-mail to support () hp com beacause the url http://thenew.hp.com/country/us/eng/sftware_security.htmlwont work. Credits:
Davide Del Vecchio would like to thank in primis his love Mara,his coworkers of the security and monitoring staff @ Banca Mediolanum. Disclaimer:
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.^^^^^^^^
Please send suggestions, updates, and comments to: Davide Del Vecchio , Dante Alighieri - dante () alighieri org / security () phx it www.alighieri.org
Current thread:
- HPUX disable buffer overflow vulnerability Davide Del Vecchio (Feb 13)
- Re: HPUX disable buffer overflow vulnerability Marc1 (Feb 13)
- <Possible follow-ups>
- HPUX disable buffer overflow vulnerability HP S/W Security Team (Feb 14)