Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: PS Information Leak on HP True64 Alpha OSF1 v5.1 1885

PS Information Leak on HP True64 Alpha OSF1 v5.1 1885

From: Andrea \ <bunker_at_fastwebnet.it>
Date: Tue, 06 Feb 2007 12:44:21 +0100

[After months of silence from the "HP Software Security Response Team"]

-Type: Information leak
-Risk: low
-Author: Andrea "bunker" Purificato - http://rawlab.mindcreations.com

-Description: the "ps" command (also /usr/ucb/ps) on HP OSF1 v5.1 Alpha,
developed without an eye to security, allows unprivileged users to see
values of all processes environment variables.

It's something similar to "raptor_ucbps" (by Marco Ivaldi) for Solaris.

I've tested it only on OSF1 v5.1 1885.
If you remove bit suid from executable, "ps" doesn't work correctly.

-Code: http://rawlab.mindcreations.com/codes/exp/nix/osf1true64ps.ksh

Bye, 

-- 
Andrea "bunker" Purificato
+++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++
++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++.
http://rawlab.mindcreations.com 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Feb 06 2007
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]