| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3E8429B2.2090208@terrasecurity.co.uk> From: jon at terrasecurity.co.uk (jon@...rasecurity.co.uk) Subject: ipcs on HP-UX 11.0 I found a vulnerability with ipcs a while back (January 2002), but on a different platform. Details: % uname -a Digital UNIX V4.0F (Rev. 1229) ; OSF1 V4.0 1229 alpha % ls -l /usr/bin/ipcs -rws--x--x 1 root bin 32768 Jun 3 1999 /usr/bin/ipcs % /usr/bin/ipcs -N `perl -e "print 'A' x 314"` Segmentation fault There was also an overflow with the -K option if I remember correctly. I reported this problem to Compaq, the vulnerability was confirmed, and the bug was assigned a tracking number. Since then I have not been able to get any information from Compaq on this issue. Can anyone confirm this on a later version? Jon bt@...fi.lt wrote: > Hi! > There is a buffer overflow in /usr/bin/ipcs on HP-UX 11.0 (other versions might be > vulnerable too). > $ ls -al /usr/bin/ipcs > -r-xr-sr-x 1 bin sys 28672 Apr 23 1999 /usr/bin/ipcs > $ /usr/bin/ipcs -C `perl -e 'print "A" x 2232'` > Segmentation fault > All ipcs vulnerabilities I know about are on HP Tru64. > This system was patched with PHCO_18374 - the lastest patch for ipcs. > I just wondering if it was known before, and if it was - maybe someone has a working proof > of concept on this. > bt@...fi.lt
Powered by blists - more mailing lists