Bugtraq mailing list archives
Re: HPUX Security Bulletin HPSBUX0103-146 - How Bad ?
From: Joe Carnahan <haq4jc () YAHOO COM>
Date: Tue, 20 Mar 2001 05:31:44 -0800
--- "Boyce, Nick" <nick.boyce () EDS COM> wrote:
Usual question - anyone know how bad this one is ? The words "buffer overflow" scare me :-)
Actually, this one's about as innocent as buffer overflows can get - If this is the same problem with Vixie cron that was being discussed last month (check the bugtraq archives from about the beginning of February), then the string whose length is unchecked is the username itself. That is, if my username was more than 20 characters long AND my username itself contained nasty shellcode at the end, then I could get root by running the crontab command. However, this assumes that you can set your username to be a particularly large and obviously malicious string, and last time I checked, root is the only user that can create accounts and set or change usernames. So, this vulnerability is not terribly useful to an attacker. Still, if you have the opportunity to patch your system(s), then by all means please do. Even if there's not much danger of root compromise, it's best to plug any holes before someone more clever comes along and figures out how to widen them enough to be useful, right? Regards, Joe Carnahan ===== Joseph Carnahan haq4jc () yahoo com Home: (540) 361-4345 Work: (540) 653-5798 or (703) 697-6318 __________________________________________________ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/
Current thread:
- HPUX Security Bulletin HPSBUX0103-146 - How Bad ? Boyce, Nick (Mar 19)
- Re: HPUX Security Bulletin HPSBUX0103-146 - How Bad ? Joe Carnahan (Mar 20)