Date: Thu, 13 Feb 2003 15:51:04 +0100
From: Davide Del Vecchio <[email protected]>
To: [email protected]Subject: HPUX disable buffer overflow vulnerability
HPUX disable buffer overflow vulnerability
Davide Del Vecchio Adv#4
Date: 13/02/2003
Tested on HP-UX B.11.00
Description:
The enable command activates the named printers, enabling them to
print requests taken by lp. The "-r" option Associate a reason
with the deactivation of the printer. The "-c" option cancel any
requests that are currently printing on any of the designated printers.
$ ls -al `which disable`
-r-sr-xr-x 1 lp bin 28672 Jun 15 1998 /usr/bin/disable
Using disable with or without '-r', '-c' with a long option string:
$ disable -r `perl -e 'printf "A" x 9777'`
Memory fault
Solution:
HP has been contacted, hope it will release soon a patch.
I sent an e-mail to [email protected] beacause the url
http://thenew.hp.com/country/us/eng/sftware_security.html
wont work.
Credits:
Davide Del Vecchio would like to thank in primis his love Mara,
his coworkers of the security and monitoring staff @ Banca Mediolanum.
Disclaimer:
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information. In no event shall
the author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.
^^^^^^^^
Please send suggestions, updates, and comments to:
Davide Del Vecchio , Dante Alighieri - [email protected] / [email protected]
www.alighieri.org
