======================================================= HPUX disable buffer overflow vulnerability ======================================================= Davide Del Vecchio Adv#4 Date: 13/02/2003 Tested on HP-UX B.11.00 Description: The enable command activates the named printers, enabling them to print requests taken by lp. The "-r" option Associate a reason with the deactivation of the printer. The "-c" option cancel any requests that are currently printing on any of the designated printers. $ ls -al `which disable` -r-sr-xr-x 1 lp bin 28672 Jun 15 1998 /usr/bin/disable Using disable with or without '-r', '-c' with a long option string: $ disable -r `perl -e 'printf "A" x 9777'` Memory fault Solution: HP has been contacted, hope it will release soon a patch. I sent an e-mail to supportat_private beacause the url http://thenew.hp.com/country/us/eng/sftware_security.html wont work. Credits: Davide Del Vecchio would like to thank in primis his love Mara, his coworkers of the security and monitoring staff @ Banca Mediolanum. Disclaimer: The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. ^^^^^^^^ Please send suggestions, updates, and comments to: Davide Del Vecchio , Dante Alighieri - danteat_private / securityat_private www.alighieri.org
This archive was generated by hypermail 2b30 : Thu Feb 13 2003 - 12:39:16 PST