| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <45352BB9.40907@rs-labs.com> Date: Tue, 17 Oct 2006 21:15:05 +0200 From: Roman Medina-Heigl Hernandez <roman@...labs.com> To: Netragard Security Advisories <advisories@...ragard.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Product Name : dtmail > Product Version : 5.1b > Vendor Name : Hewlet Packard > Criticality : Local Root Compromise > Effort : Easy > Operating System : Tru64 > Type : Unchecked Buffer Hello, I've just installed vulnerable package in my test-bed: # uname -a OSF1 alpha V5.1 2650 alpha # pwd /mnt/ALPHA/BASE # setld -l . OSFCDEMAIL540 # ls -l /usr/dt/bin/dtmail - -r-xr-sr-x 1 bin mail 1212752 Oct 17 2002 /usr/dt/bin/dtmail # How is this a local root? (binary is setgid "mail" but not setuid "root") - -- Saludos, - -Roman PGP Fingerprint: 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742 [Key ID: 0xEAD56742. Available at KeyServ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) iD8DBQFFNSu45H+KferVZ0IRAkbgAJ4nuC7G+NypoVaZo5VbvNwMeZrVugCg0IUe fLTR3JrJQl8I9+2VW87w4sE= =y2ll -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists