Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Possible vulnerability in HPUX

From: Quentin GIORGI <qgiorgi () SANCERRE GRENOBLE HP COM>
Date: Wed, 9 Aug 2000 09:31:00 +0200
Hello,

Few days ago i read the mail [ Hackerslab bug_paper ] HP-UX bdf -t
option buffer overflow vul. And decided to see any other possible
vulnerability(ies) on my ststem. (HP-UX 10.20).
After a *few* minutes ( maybe a little more :) ),trying each setuid exe
with different options, i finally got results as for bdf:
My basic knowledge tells me that it could be exploitable, but as i am
not a PA RISC assembly expert, i let anyone decide.

I have a quick query on the database vulnerability and can't see
anything about this on HPUX, but...

df:
---
sancerre: /home/qgiorgi>ll `which df`
-r-sr-xr-x   1 root       bin          69632 Jun 10  1996 /usr/bin/df

sancerre: /home/qgiorgi>df -F `perl -e "print 't'x3631"`
df: ttt <skip> ttt : No such file or directory
usage : df [-F FStype] [-V] [-egiklnvfb] [-t|-P] [-o specific_options]
           [special | directory ...]
sancerre: /home/qgiorgi>df -F `perl -e "print 't'x3632"`
Segmentation fault

exrecover:
--------
sancerre: /home/qgiorgi>ll `which exrecover`
-r-sr-xr-x   1 root       bin          20480 May 30  1996
/usr/lbin/exrecover

sancerre: /home/qgiorgi>exrecover anythingUwant `perl -e "print
't'x4703"`
 File not found
sancerre: /home/qgiorgi>exrecover anythingUwant `perl -e "print
't'x4704"`
Segmentation fault


And eventually, but it is owned by uucp i think it's less interesting.
uusub:
-----
sancerre: /home/qgiorgi>ll `which uusub`
-r-sr-xr-x   1 uucp       bin          32768 May 30  1996
/usr/lib/uucp/uusub
sancerre: /home/qgiorgi>uusub -a `perl -e "print 't'x212"`
sancerre: /home/qgiorgi>
sancerre: /home/qgiorgi>uusub -a `perl -e "print 't'x213"`
Segmentation fault

I also try this onHPUX 11.00 (9911)
uusub works with length of  225
exrecover works with length > 2700


I hope this could help.


---------------------------------------------------------------------------

Quentin GIORGI
Network Engineer
E.I.C IDA
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: