RE: [Full-Disclosure] ipcs on HP-UX 11.0
From: Moraes, Fabio (fabio.moraes@eds.com)
Date: 03/28/03
- Previous message: Thomas Kristensen: "[Full-Disclosure] Secunia Research: Alexandria-dev / sourceforge multiple vulnerabilities"
- Maybe in reply to: bt@delfi.lt: "[Full-Disclosure] ipcs on HP-UX 11.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Moraes, Fabio" <fabio.moraes@eds.com> To: "'Dawes, Rogan (ZA - Johannesburg)'" <rdawes@deloitte.co.za>, "'bt@delfi.lt'" <bt@delfi.lt>, full-disclosure@lists.netsys.com Date: Fri, 28 Mar 2003 09:27:41 -0500
confirmed.
fabiom:main_tao >uname -a
HP-UX usmhshp1 B.10.20 A 9000/800 616481351 two-user license
fabiom:main_tao >ls -l /usr/bin/ipcs
-r-xr-sr-x 1 bin sys 16384 Jun 10 1996 /usr/bin/ipcs
fabiom:main_tao >ipcs -C `perl -e 'print "A" x 2232'`
ipcs: memory file unreadable
fabiom:main_tao >ipcs -C `perl -e 'print "A" x 10000'`
ipcs: memory file unreadable
fabiom:main_tao >ipcs -N `perl -e 'print "A" x 4232'`
ipcs: nlist: File name too long
not vulnerable too.
--- Fabio Moraes fabio.moraes@eds.com +55 21 3088 9548 -----Original Message----- From: Dawes, Rogan (ZA - Johannesburg) [mailto:rdawes@deloitte.co.za] Sent: sexta-feira, 28 de marco de 2003 04:34 To: 'bt@delfi.lt'; full-disclosure@lists.netsys.com Subject: RE: [Full-Disclosure] ipcs on HP-UX 11.0 Not vulnerable on 10.20, I think. [rdawes@smith rdawes]$ ls -al /usr/bin/ipcs -r-xr-sr-x 1 bin sys 16384 Jun 10 1996 /usr/bin/ipcs [rdawes@smith rdawes]$ /usr/bin/ipcs -C `perl -e 'print "A" x 2232'` ipcs: memory file unreadable [rdawes@smith rdawes]$ /usr/bin/ipcs -C `perl -e 'print "A" x 10000'` ipcs: memory file unreadable [rdawes@smith rdawes]$ uname -a HP-UX smith B.10.20 A 9000/831 2009667562 two-user license [rdawes@smith rdawes]$ -----Original Message----- From: bt@delfi.lt [mailto:bt@delfi.lt] Sent: 27 March 2003 10:55 PM To: full-disclosure@lists.netsys.com Subject: [Full-Disclosure] ipcs on HP-UX 11.0 Hi! There is a buffer overflow in /usr/bin/ipcs on HP-UX 11.0 (other versions might be vulnerable too). $ ls -al /usr/bin/ipcs -r-xr-sr-x 1 bin sys 28672 Apr 23 1999 /usr/bin/ipcs $ /usr/bin/ipcs -C `perl -e 'print "A" x 2232'` Segmentation fault All ipcs vulnerabilities I know about are on HP Tru64. This system was patched with PHCO_18374 - the lastest patch for ipcs. I just wondering if it was known before, and if it was - maybe someone has a working proof of concept on this. bt@delfi.lt -------------------------------------------------------------------- This message was sent using DELFI MailMan - http://mailman.delfi.lt/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-disclosure mailing list Full-disclosure@immunitysec.com http://www.immunitysec.com/mailman/listinfo/full-disclosure _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Thomas Kristensen: "[Full-Disclosure] Secunia Research: Alexandria-dev / sourceforge multiple vulnerabilities"
- Maybe in reply to: bt@delfi.lt: "[Full-Disclosure] ipcs on HP-UX 11.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
