Bugtraq mailing list archives
PS Information Leak on HP True64 Alpha OSF1 v5.1 1885
From: "Andrea \"bunker\" Purificato" <bunker () fastwebnet it>
Date: Tue, 06 Feb 2007 12:44:21 +0100
[After months of silence from the "HP Software Security Response Team"] -Type: Information leak -Risk: low -Author: Andrea "bunker" Purificato - http://rawlab.mindcreations.com -Description: the "ps" command (also /usr/ucb/ps) on HP OSF1 v5.1 Alpha, developed without an eye to security, allows unprivileged users to see values of all processes environment variables. It's something similar to "raptor_ucbps" (by Marco Ivaldi) for Solaris. I've tested it only on OSF1 v5.1 1885. If you remove bit suid from executable, "ps" doesn't work correctly. -Code: http://rawlab.mindcreations.com/codes/exp/nix/osf1true64ps.ksh Bye, -- Andrea "bunker" Purificato +++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++ ++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++. http://rawlab.mindcreations.com
Current thread:
- PS Information Leak on HP True64 Alpha OSF1 v5.1 1885 Andrea "bunker" Purificato (Feb 06)
- Re: [Full-disclosure] PS Information Leak on HP Tru64 Alpha OSF1 v5.1 1885 Andrea "bunker" Purificato (Feb 06)
- Re: PS Information Leak on HP True64 Alpha OSF1 v5.1 1885 Ivan Jager (Feb 09)
- Re: PS Information Leak on HP True64 Alpha OSF1 v5.1 1885 Andrea Purificato - bunker (Feb 09)