lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Tue, 06 Feb 2007 12:44:21 +0100
From: "Andrea \"bunker\" Purificato" <bunker@...twebnet.it>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: PS Information Leak on HP True64 Alpha OSF1 v5.1 1885

[After months of silence from the "HP Software Security Response Team"]


-Type: Information leak
-Risk: low
-Author: Andrea "bunker" Purificato - http://rawlab.mindcreations.com

-Description: the "ps" command (also /usr/ucb/ps) on HP OSF1 v5.1 Alpha,
developed without an eye to security, allows unprivileged users to see
values of all processes environment variables.

It's something similar to "raptor_ucbps" (by Marco Ivaldi) for Solaris.

I've tested it only on OSF1 v5.1 1885.
If you remove bit suid from executable, "ps" doesn't work correctly.

-Code: http://rawlab.mindcreations.com/codes/exp/nix/osf1true64ps.ksh


Bye,
-- 
Andrea "bunker" Purificato
+++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++
++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++.

http://rawlab.mindcreations.com

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux