SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  OS (UNIX)  >  Ipcs Vendors:  HP (Compaq)
HP/UX 'ipcs' Buffer Overflow May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1006392
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 27 2003
Impact:  Execution of arbitrary code via local system, User access via local system
Description:  A vulnerability was reported in the ipcs interprocess communication status utility on the HP/UX operating system. A local user may be able to gain elevated privileges.

It is reported that a local user can trigger a buffer overflow in /usr/bin/ipcs. It may be possible to exploit the overflow to execute arbitrary code on the system with 'sys' group privileges, but that was not confirmed in the report.

A demonstration exploit is provided:

/usr/bin/ipcs -C `perl -e 'print "A" x 2232'`
Impact:  A local user may be able to obtain elevated ('sys' group) privileges on the system.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.hp.com/ (Links to External Site)
Cause:  Boundary error
Underlying OS:  UNIX (HP/UX)
Reported By:  bt@delfi.lt
Message History:   This archive entry has one or more follow-up message(s) listed below.
May 19 2003 (HP Issues Fix) HP/UX 'ipcs' Buffer Overflow May Let Local Users Gain Elevated Privileges   (support_feedback@us-support2-mail.external.hp.com (IT Resource Center ))
HP has released a temporary fix.
Sep 25 2003 (HP Issues Updated Fix) HP/UX 'ipcs' Buffer Overflow May Let Local Users Gain Elevated Privileges   (support_feedback@us-support2-mail.external.hp.com (IT Resource Center ))
HP has released a general release patch.


 Source Message Contents
Date:  Thu, 27 Mar 2003 20:55:29 GMT
From:  bt@delfi.lt
Subject:  [Full-Disclosure] ipcs on HP-UX 11.0

 

 Hi!



 There is a buffer overflow in /usr/bin/ipcs on HP-UX 11.0 (other versions might be
vulnerable too).

 $ ls -al /usr/bin/ipcs
 -r-xr-sr-x   1 bin        sys          28672 Apr 23  1999 /usr/bin/ipcs

 $ /usr/bin/ipcs -C `perl -e 'print "A" x 2232'`
 Segmentation fault

All ipcs vulnerabilities I know about are on HP Tru64.
This system was patched with PHCO_18374 - the lastest patch for ipcs.
I just wondering if it was known before, and if it was - maybe someone has a working proof
of concept on this.

bt@delfi.lt

--------------------------------------------------------------------
This message was sent using DELFI MailMan - http://mailman.delfi.lt/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC