Full Disclosure mailing list archives
Re: [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ]
From: Roman Medina-Heigl Hernandez <roman () rs-labs com>
Date: Fri, 20 Oct 2006 19:34:03 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Roman Medina-Heigl Hernandez escribió:
Product Name : dtmail Product Version : 5.1b Vendor Name : Hewlet Packard Criticality : Local Root Compromise Effort : Easy Operating System : Tru64 Type : Unchecked BufferHello, I've just installed vulnerable package in my test-bed: # uname -a OSF1 alpha V5.1 2650 alpha # pwd /mnt/ALPHA/BASE # setld -l . OSFCDEMAIL540 # ls -l /usr/dt/bin/dtmail -r-xr-sr-x 1 bin mail 1212752 Oct 17 2002 /usr/dt/bin/dtmail # How is this a local root? (binary is setgid "mail" but not setuid "root")
Confirmed by HP: *NOT* a local root. "The vulnerability could be exploited by a local, authorized user to execute arbitrary code as a member of the 'mail' group." http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00793805&jumpid=reg_R1002_USEN Interesting enough to note that the bug is also present in HPUX (same scope, again not a local root). Netragard ppl should fix their advisory and web site... - -- Saludos, - -Roman PGP Fingerprint: 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742 [Key ID: 0xEAD56742. Available at KeyServ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) iD8DBQFFOQiL5H+KferVZ0IRAhsoAJ9RGDnKl+bfj4sKipKyl6i8KBVDQwCePbrR OPOjUt/j090/ZelHuzJZuBk= =BZop -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ] Netragard Security Advisories (Oct 17)
- Re: [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ] Roman Medina-Heigl Hernandez (Oct 17)
- Re: [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ] Roman Medina-Heigl Hernandez (Oct 20)
- Message not available
- Message not available
- Re: [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ] Roman Medina-Heigl Hernandez (Oct 20)
- Re: [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ] Netragard Security Advisories (Oct 20)
- Message not available
- HP Tru64 dtmail bug - Really exploitable? Roman Medina-Heigl Hernandez (Oct 22)
- Re: HP Tru64 dtmail bug - Really exploitable? K F (lists) (Oct 22)
- Re: [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ] Roman Medina-Heigl Hernandez (Oct 20)
- Re: [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ] Roman Medina-Heigl Hernandez (Oct 17)