PS Information Leak on HP True64 Alpha OSF1 v5.1 1885 Feb 06 2007 11:44AM
Andrea \bunker\ Purificato (bunker fastwebnet it) (1 replies)
[After months of silence from the "HP Software Security Response Team"]

-Type: Information leak
-Risk: low
-Author: Andrea "bunker" Purificato - http://rawlab.mindcreations.com

-Description: the "ps" command (also /usr/ucb/ps) on HP OSF1 v5.1 Alpha,
developed without an eye to security, allows unprivileged users to see
values of all processes environment variables.

It's something similar to "raptor_ucbps" (by Marco Ivaldi) for Solaris.

I've tested it only on OSF1 v5.1 1885.
If you remove bit suid from executable, "ps" doesn't work correctly.

-Code: http://rawlab.mindcreations.com/codes/exp/nix/osf1true64ps.ksh

Bye,
--
Andrea "bunker" Purificato
+++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++
++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++.

http://rawlab.mindcreations.com

[ reply ]
Re: PS Information Leak on HP True64 Alpha OSF1 v5.1 1885 Feb 06 2007 08:05PM
Ivan Jager aij+nospam (at) andrew.cmu (dot) edu [email concealed] (aij+nospam andrew cmu edu)


 

Privacy Statement
Copyright 2010, SecurityFocus