RE: Compaq tru64 setuids /usr/bin/at and /usr/dt/bin/mailcv

From: Mike Blomgren (mike.blomgren@ccnox.com)
Date: 03/27/02 

From: "Mike Blomgren" <mike.blomgren@ccnox.com>
To: <vuln-dev@security-focus.com>
Date: Wed, 27 Mar 2002 11:25:34 +0100

Does this imply a possible root compromise, or 'just' a DoS?

-----Original Message-----
From: KF [mailto:dotslash@snosoft.com]
Sent: den 5 april 2002 03:18
To: vuln-dev@security-focus.com
Subject: Compaq tru64 setuids /usr/bin/at and /usr/dt/bin/mailcv

Heres some the results of my latenight audit on Tru64. Its too late for
me to mess with Compaqs web site to get the security contact ( I am
tired and don't care or something). If someone has TRU64 gdb binaries I
would love them... its too late for me to be playing with the Tru64
ladebug also... get it "Lady Bug" har har.

alpha.snosoft.com> uname -a
OSF1 alpha.snosoft.com V5.1 732 alpha

alpha.snosoft.com> ls -al /usr/bin/at
-rwsr-xr-x 1 root bin 57760 Aug 24 2000 /usr/bin/at

alpha.snosoft.com> /usr/bin/at `perl -e 'print "A" x 9000'` Memory fault
- core dumped

alpha.snosoft.com> ls -al /usr/dt/bin/mailcv
-rwsr-xr-x 1 root bin 98368 Aug 25 2000 /usr/dt/bin/mailcv

alpha.snosoft.com> /usr/dt/bin/mailcv -f `perl -e 'print "A" x 9000'` A
exception system: exiting due to multiple internal errors:
       exception dispatch or unwind stuck in infinite loop
       exception dispatch or unwind stuck in infinite loop exception
system: exiting due to multiple internal errors:
       exception dispatch or unwind stuck in infinite loop
       exception dispatch or unwind stuck in infinite loop Abort - core
dumped

-KF