• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

HP Tru64 Inc Local Buffer Overflow Vulnerability

Tru64 is a commercially available Unix operating system originally developed by Digital. It is distributed and maintained by HP. The inc utility incorporates mail from the user's incoming mail drop into an MH folder.

A buffer overflow has been discovered in the inc utility distributed with Tru64, which can be exploited via an overly long string in the MH environment variable. By exploiting this issue it is possible for an attacker to execute arbitrary commands as the root user.