Bugtraq mailing list archives

Re: buffer over in hp-ux 10.20 kernel


From: secure () HPCUGSYA CUP HP COM (Security Alert)
Date: Wed, 26 Mar 1997 17:26:49 PST


On 24 March '97 Darren Reed <darrenr () CYBER COM AU> wrote:

Subject: buffer over in hp-ux 10.20 kernel
To: BUGTRAQ () NETSPACE ORG

This is from the latest HP bug reports (i.e. there is a patch)....does anyone
know if this can be used to get root or crash the box ?

Darren

Document ID:  PHKL_10406
<snip>

This is to clarify and summarize
        * which systems are affected.
        * what the problem was that is corrected by our patch PHKL_1040[6,7]
        * what the problem isn't

The only operating systems affected are HP-UX 10.24 and HP-UX 10.16.
This means the Virtual Vault Operating System (VVOS) on HP 9000 Series 7/800
and the Trusted Operating System (CMW) on the Series 700.  This is _not_ the
same as the mainstream releases of HP-UX -- releases 10.01, 10.10, or 10.20.

Summarization of Problem Targeted by Patch PHKL_10406

 Under certain conditions, the limit on the amount of audit data that
 the kernel will gather from applications submitting audit records can
 exceed the configured limit for a period of time.

 The configured limit is a value, for example, 32K bytes, against which
 applications are measured before they submit audit records. When the
 limit is reached, applications will be suspended briefly by the kernel
 until the system's audit daemon has extracted the audit records already
 submitted by other applications and brought the amount of space audit
 records under the configured limit.

 Under periods of excessive load, the configured limit can be ignored,
 resulting in the amount of audit data held by the kernel for delivery
 to the audit daemon exceeding the configured limit. The kernel does
 *not* use a buffer to store data so there is not a chance of overflowing
 a fixed-size memory area. Instead, memory is dynamically allocated for
 each audit record. Thus, the result of exceeding the configured limit
 is that more memory is used by the kernel for audit record storage --
 this memory is eventually returned to the kernel as a side effect of
 the audit daemon extracting the audit information.

 The audit system in the affected releases is governed partially by
 audit configuration parameters established by the system's administrative
 staff. The programs that affect the audit configuration can only
 be executed by authorized individuals. The audit configuration is stored
 in each system's filesystem -- the files are protected both with
 Discretionary Access Control (i.e., the permission/mode bits of a file)
 and Mandatory Access Control (MAC). Together, these mechanisms are
 sufficient to protect the information from being compromised.
--
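The accounting described in the message above, as a small model added here (it is not HP-UX code and not part of the original post): each audit record gets its own allocation, the configured limit is compared before a record is queued, and draining by the audit daemon returns the memory. All names (`audit_queue`, `audit_submit`, `audit_drain`) and the 1000-byte sample record are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, NOT HP-UX source; every name here is hypothetical. */
struct audit_rec { struct audit_rec *next; size_t len; char data[]; };
struct audit_queue {
    struct audit_rec *head, *tail;
    size_t held;   /* bytes waiting for the audit daemon */
    size_t limit;  /* configured limit, e.g. 32K bytes */
    size_t peak;   /* high-water mark of held */
};

/* 1 = queued, 0 = caller must be suspended, -1 = allocation failed. */
int audit_submit(struct audit_queue *q, const void *buf, size_t len) {
    if (q->held >= q->limit) return 0;             /* measured before submit */
    struct audit_rec *r = malloc(sizeof *r + len); /* one allocation per record */
    if (!r) return -1;
    r->next = NULL; r->len = len;
    memcpy(r->data, buf, len);
    if (q->tail) q->tail->next = r; else q->head = r;
    q->tail = r;
    q->held += len;                                /* may pass limit by < len */
    if (q->held > q->peak) q->peak = q->held;
    return 1;
}

/* Audit daemon side: extract records until at least `want` bytes are freed. */
size_t audit_drain(struct audit_queue *q, size_t want) {
    size_t freed = 0;
    while (q->head && freed < want) {
        struct audit_rec *r = q->head;
        q->head = r->next;
        if (!q->head) q->tail = NULL;
        freed += r->len; q->held -= r->len;
        free(r);                                   /* memory returns on extraction */
    }
    return freed;
}

int main(void) {
    struct audit_queue q = { NULL, NULL, 0, 32 * 1024, 0 };
    char rec[1000] = {0};                          /* constructed sample record */
    int accepted = 0;
    while (audit_submit(&q, rec, sizeof rec) == 1) accepted++;
    printf("accepted=%d held=%zu limit=%zu\n", accepted, q.held, q.limit);
    audit_drain(&q, q.held);
    printf("after drain held=%zu peak=%zu\n", q.held, q.peak);
    return 0;
}
```

In this model the held byte count is an accounting threshold rather than the size of a fixed memory area, so going past it costs extra kernel memory until the next drain.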


