Full Disclosure mailing list archives
Re: [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ]
From: Roman Medina-Heigl Hernandez <roman () rs-labs com>
Date: Tue, 17 Oct 2006 21:15:05 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Product Name : dtmail Product Version : 5.1b Vendor Name : Hewlet Packard Criticality : Local Root Compromise Effort : Easy Operating System : Tru64 Type : Unchecked Buffer
Hello, I've just installed vulnerable package in my test-bed: # uname -a OSF1 alpha V5.1 2650 alpha # pwd /mnt/ALPHA/BASE # setld -l . OSFCDEMAIL540 # ls -l /usr/dt/bin/dtmail - -r-xr-sr-x 1 bin mail 1212752 Oct 17 2002 /usr/dt/bin/dtmail # How is this a local root? (binary is setgid "mail" but not setuid "root") - -- Saludos, - -Roman PGP Fingerprint: 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742 [Key ID: 0xEAD56742. Available at KeyServ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) iD8DBQFFNSu45H+KferVZ0IRAkbgAJ4nuC7G+NypoVaZo5VbvNwMeZrVugCg0IUe fLTR3JrJQl8I9+2VW87w4sE= =y2ll -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ] Netragard Security Advisories (Oct 17)
- Re: [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ] Roman Medina-Heigl Hernandez (Oct 17)
- Re: [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ] Roman Medina-Heigl Hernandez (Oct 20)
- Message not available
- Message not available
- Re: [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ] Roman Medina-Heigl Hernandez (Oct 20)
- Re: [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ] Netragard Security Advisories (Oct 20)
- Message not available
- HP Tru64 dtmail bug - Really exploitable? Roman Medina-Heigl Hernandez (Oct 22)
- Re: HP Tru64 dtmail bug - Really exploitable? K F (lists) (Oct 22)
- Re: [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ] Roman Medina-Heigl Hernandez (Oct 20)
- Re: [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ] Roman Medina-Heigl Hernandez (Oct 17)