Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: ipcs on HP-UX 11.0
From: jon () terrasecurity co uk
Date: Fri, 28 Mar 2003 10:53:38 +0000

I found a vulnerability with ipcs a while back (January 2002), but on a different platform. Details:

% uname -a
Digital UNIX V4.0F  (Rev. 1229) ; OSF1 V4.0 1229 alpha
% ls -l /usr/bin/ipcs
-rws--x--x   1 root     bin        32768 Jun  3  1999 /usr/bin/ipcs
% /usr/bin/ipcs -N `perl -e "print 'A' x 314"`
Segmentation fault

There was also an overflow with the -K option if I remember correctly.

I reported this problem to Compaq, the vulnerability was confirmed, and the bug was assigned a tracking number. Since then I have not been able to get any information from Compaq on this issue.

Can anyone confirm this on a later version?


bt () delfi lt wrote:
 There is a buffer overflow in /usr/bin/ipcs on HP-UX 11.0 (other versions might be
vulnerable too).
 $ ls -al /usr/bin/ipcs
 -r-xr-sr-x   1 bin        sys          28672 Apr 23  1999 /usr/bin/ipcs
 $ /usr/bin/ipcs -C `perl -e 'print "A" x 2232'`
 Segmentation fault
All ipcs vulnerabilities I know about are on HP Tru64.
This system was patched with PHCO_18374 - the lastest patch for ipcs.
I just wondering if it was known before, and if it was - maybe someone has a working proof
of concept on this.
bt () delfi lt

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]