Vulnerability Development mailing list archives

RE: Compaq tru64 setuids /usr/bin/at and /usr/dt/bin/mailcv

From: "Mike Blomgren" <mike.blomgren () ccnox com>
Date: Wed, 27 Mar 2002 11:25:34 +0100

Does this imply a possible root compromise, or 'just' a DoS?

-----Original Message-----
From: KF [mailto:dotslash () snosoft com] 
Sent: den 5 april 2002 03:18
To: vuln-dev () security-focus com
Subject: Compaq tru64 setuids /usr/bin/at and /usr/dt/bin/mailcv


Heres some the results of my latenight audit on Tru64. Its too late for 
me to mess with Compaqs web site to get the security contact ( I am 
tired and don't care or something). If someone has TRU64 gdb binaries I 
would love them... its too late for me to be playing with the Tru64 
ladebug also... get it "Lady Bug" har har.

alpha.snosoft.com> uname -a
OSF1 alpha.snosoft.com V5.1 732 alpha

alpha.snosoft.com> ls -al /usr/bin/at
-rwsr-xr-x   1 root     bin        57760 Aug 24  2000 /usr/bin/at

alpha.snosoft.com> /usr/bin/at `perl -e 'print "A" x 9000'` Memory fault
- core dumped

alpha.snosoft.com> ls -al /usr/dt/bin/mailcv
-rwsr-xr-x   1 root     bin        98368 Aug 25  2000 /usr/dt/bin/mailcv

alpha.snosoft.com> /usr/dt/bin/mailcv -f  `perl -e 'print "A" x 9000'` A
exception system:  exiting due to multiple internal errors:
       exception dispatch or unwind stuck in infinite loop
       exception dispatch or unwind stuck in infinite loop exception
system:  exiting due to multiple internal errors:
       exception dispatch or unwind stuck in infinite loop
       exception dispatch or unwind stuck in infinite loop Abort - core
dumped

-KF

Current thread:

Compaq tru64 setuids /usr/bin/at and /usr/dt/bin/mailcv KF (Mar 24)
- RE: Compaq tru64 setuids /usr/bin/at and /usr/dt/bin/mailcv Mike Blomgren (Mar 27)
  - Re: Compaq tru64 setuids /usr/bin/at and /usr/dt/bin/mailcv KF (Mar 27)
    - Re: Compaq tru64 setuids /usr/bin/at and /usr/dt/bin/mailcv Foldi Tamas (Mar 28)
    - Re: Compaq tru64 setuids /usr/bin/at and /usr/dt/bin/mailcv KF (Mar 28)