SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   OS (UNIX)  >   Ipcs Vendors:   HP (Compaq)
HP/UX 'ipcs' Buffer Overflow May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1006392
SecurityTracker URL:  http://securitytracker.com/id/1006392
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 27 2003
Impact:   Execution of arbitrary code via local system, User access via local system


Description:   A vulnerability was reported in the ipcs interprocess communication status utility on the HP/UX operating system. A local user may be able to gain elevated privileges.

It is reported that a local user can trigger a buffer overflow in /usr/bin/ipcs. It may be possible to exploit the overflow to execute arbitrary code on the system with 'sys' group privileges, but that was not confirmed in the report.

A demonstration exploit is provided:

/usr/bin/ipcs -C `perl -e 'print "A" x 2232'`
Impact:   A local user may be able to obtain elevated ('sys' group) privileges on the system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.hp.com/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  

Message History:   This archive entry has one or more follow-up message(s) listed below.
(HP Issues Fix) HP/UX 'ipcs' Buffer Overflow May Let Local Users Gain Elevated Privileges   (support_feedback@us-support2-mail.external.hp.com (IT Resource Center ))
HP has released a temporary fix.
Sep 25 2003 (HP Issues Updated Fix) HP/UX 'ipcs' Buffer Overflow May Let Local Users Gain Elevated Privileges   (support_feedback@us-support2-mail.external.hp.com (IT Resource Center ))
HP has released a general release patch.


 Source Message Contents
Date:  Thu, 27 Mar 2003 20:55:29 GMT
Subject:  [Full-Disclosure] ipcs on HP-UX 11.0


 Hi!



 There is a buffer overflow in /usr/bin/ipcs on HP-UX 11.0 (other versions might be
vulnerable too).

 $ ls -al /usr/bin/ipcs
 -r-xr-sr-x   1 bin        sys          28672 Apr 23  1999 /usr/bin/ipcs

 $ /usr/bin/ipcs -C `perl -e 'print "A" x 2232'`
 Segmentation fault

All ipcs vulnerabilities I know about are on HP Tru64.
This system was patched with PHCO_18374 - the lastest patch for ipcs.
I just wondering if it was known before, and if it was - maybe someone has a working proof
of concept on this.

bt@delfi.lt

--------------------------------------------------------------------
This message was sent using DELFI MailMan - http://mailman.delfi.lt/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC