Re: Compaq tru64 setuids /usr/bin/at and /usr/dt/bin/mailcv

From: KF (dotslash@snosoft.com)
Date: 03/27/02 

Date: Wed, 27 Mar 2002 11:58:01 -0500
From: KF <dotslash@snosoft.com>
To: Mike Blomgren <mike.blomgren@ccnox.com>

Not really sure... the ladebug debugger gave me a head ache so I didn't
play with it much. If someone can point
me to a working tru64 gdb package I would find out some details. I was
hoping that someone else from the
list would be able to determine just that...is local root compromise
possible?
-KF

Mike Blomgren wrote:

>Does this imply a possible root compromise, or 'just' a DoS?
>
>-----Original Message-----
>From: KF [mailto:dotslash@snosoft.com]
>Sent: den 5 april 2002 03:18
>To: vuln-dev@security-focus.com
>Subject: Compaq tru64 setuids /usr/bin/at and /usr/dt/bin/mailcv
>
>
>Heres some the results of my latenight audit on Tru64. Its too late for
>me to mess with Compaqs web site to get the security contact ( I am
>tired and don't care or something). If someone has TRU64 gdb binaries I
>would love them... its too late for me to be playing with the Tru64
>ladebug also... get it "Lady Bug" har har.
>
>alpha.snosoft.com> uname -a
>OSF1 alpha.snosoft.com V5.1 732 alpha
>
>alpha.snosoft.com> ls -al /usr/bin/at
>-rwsr-xr-x 1 root bin 57760 Aug 24 2000 /usr/bin/at
>
>alpha.snosoft.com> /usr/bin/at `perl -e 'print "A" x 9000'` Memory fault
>- core dumped
>
>alpha.snosoft.com> ls -al /usr/dt/bin/mailcv
>-rwsr-xr-x 1 root bin 98368 Aug 25 2000 /usr/dt/bin/mailcv
>
>alpha.snosoft.com> /usr/dt/bin/mailcv -f `perl -e 'print "A" x 9000'` A
>exception system: exiting due to multiple internal errors:
> exception dispatch or unwind stuck in infinite loop
> exception dispatch or unwind stuck in infinite loop exception
>system: exiting due to multiple internal errors:
> exception dispatch or unwind stuck in infinite loop
> exception dispatch or unwind stuck in infinite loop Abort - core
>dumped
>
>-KF
>
>
>