List: full-disclosure
Subject: RE: [Full-Disclosure] ipcs on HP-UX 11.0
From: "Moraes, Fabio" <fabio.moraes () eds ! com>
Date: 2003-03-28 14:27:41
confirmed.
fabiom:main_tao >uname -a
HP-UX usmhshp1 B.10.20 A 9000/800 616481351 two-user license
fabiom:main_tao >ls -l /usr/bin/ipcs
-r-xr-sr-x 1 bin sys 16384 Jun 10 1996 /usr/bin/ipcs
fabiom:main_tao >ipcs -C `perl -e 'print "A" x 2232'`
ipcs: memory file unreadable
fabiom:main_tao >ipcs -C `perl -e 'print "A" x 10000'`
ipcs: memory file unreadable
fabiom:main_tao >ipcs -N `perl -e 'print "A" x 4232'`
ipcs: nlist: File name too long
not vulnerable either.
---
Fabio Moraes
fabio.moraes@eds.com
+55 21 3088 9548
-----Original Message-----
From: Dawes, Rogan (ZA - Johannesburg) [mailto:rdawes@deloitte.co.za]
Sent: sexta-feira, 28 de marco de 2003 04:34
To: 'bt@delfi.lt'; full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] ipcs on HP-UX 11.0
Not vulnerable on 10.20, I think.
[rdawes@smith rdawes]$ ls -al /usr/bin/ipcs
-r-xr-sr-x 1 bin sys 16384 Jun 10 1996 /usr/bin/ipcs
[rdawes@smith rdawes]$ /usr/bin/ipcs -C `perl -e 'print "A" x 2232'`
ipcs: memory file unreadable
[rdawes@smith rdawes]$ /usr/bin/ipcs -C `perl -e 'print "A" x 10000'`
ipcs: memory file unreadable
[rdawes@smith rdawes]$ uname -a
HP-UX smith B.10.20 A 9000/831 2009667562 two-user license
[rdawes@smith rdawes]$
-----Original Message-----
From: bt@delfi.lt [mailto:bt@delfi.lt]
Sent: 27 March 2003 10:55 PM
To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] ipcs on HP-UX 11.0
Hi!
There is a buffer overflow in /usr/bin/ipcs on HP-UX 11.0 (other versions
might be vulnerable too).
$ ls -al /usr/bin/ipcs
-r-xr-sr-x 1 bin sys 28672 Apr 23 1999 /usr/bin/ipcs
$ /usr/bin/ipcs -C `perl -e 'print "A" x 2232'`
Segmentation fault
All ipcs vulnerabilities I know about are on HP Tru64.
This system was patched with PHCO_18374 - the latest patch for ipcs.
I'm just wondering if it was known before, and if it was - maybe someone has a
working proof of concept on this.
bt@delfi.lt
--------------------------------------------------------------------
This message was sent using DELFI MailMan - http://mailman.delfi.lt/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-disclosure mailing list
Full-disclosure@immunitysec.com
http://www.immunitysec.com/mailman/listinfo/full-disclosure