Re: Compaq tru64 setuids /usr/bin/at and /usr/dt/bin/mailcv

[KF <dotslash () snosoft com>]

Not really sure... the ladebug debugger gave me a head ache so I didn't 
play with it much. If someone can point
me to a working tru64 gdb package I would find out some details. I was 
hoping that someone else from the
list would be able to determine just that...is local root compromise 
possible?
-KF


Mike Blomgren wrote:

> Does this imply a possible root compromise, or 'just' a DoS?
>
> -----Original Message-----
> From: KF [mailto:dotslash () snosoft com] 
> Sent: den 5 april 2002 03:18
> To: vuln-dev () security-focus com
> Subject: Compaq tru64 setuids /usr/bin/at and /usr/dt/bin/mailcv
>
>
> Heres some the results of my latenight audit on Tru64. Its too late for 
> me to mess with Compaqs web site to get the security contact ( I am 
> tired and don't care or something). If someone has TRU64 gdb binaries I 
> would love them... its too late for me to be playing with the Tru64 
> ladebug also... get it "Lady Bug" har har.
>
> alpha.snosoft.com> uname -a
> OSF1 alpha.snosoft.com V5.1 732 alpha
>
> alpha.snosoft.com> ls -al /usr/bin/at
> -rwsr-xr-x   1 root     bin        57760 Aug 24  2000 /usr/bin/at
>
> alpha.snosoft.com> /usr/bin/at `perl -e 'print "A" x 9000'` Memory fault
> - core dumped
>
> alpha.snosoft.com> ls -al /usr/dt/bin/mailcv
> -rwsr-xr-x   1 root     bin        98368 Aug 25  2000 /usr/dt/bin/mailcv
>
> alpha.snosoft.com> /usr/dt/bin/mailcv -f  `perl -e 'print "A" x 9000'` A
> exception system:  exiting due to multiple internal errors:
>       exception dispatch or unwind stuck in infinite loop
>       exception dispatch or unwind stuck in infinite loop exception
> system:  exiting due to multiple internal errors:
>       exception dispatch or unwind stuck in infinite loop
>       exception dispatch or unwind stuck in infinite loop Abort - core
> dumped
>
> -KF