SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   setrlimit Vendors:   HPE
HP/UX setrlimit Resource Limiting Utility Lets Local Users Cause Denial of Service Conditions and Possibly Execute Arbitrary Code on the Server with Root Level Privileges
SecurityTracker Alert ID:  1001896
SecurityTracker URL:  http://securitytracker.com/id/1001896
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Jul 2 2001
Original Entry Date:  Jul 2 2001
Impact:   Denial of service via local system, Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): HP9000 Series 700/800 running HP-UX releases 10.01, 10.10, 10.20, 10.24, 11.04, and 11.00 only.
Description:   HP announced a vulnerability in the setrlimit() function that allows local users to cause denial of service conditions and may allow local users to execute arbitrary code on the server with root level privileges.

HP reported that if a local user sets the core file size limit to 0 for a process that has set user id or set group id privileges, that process could create corefiles or be attached to with a debugger. This may allow a local user to execute arbitrary code with the setuid or setgid privileges of the process. The vulnerability is reportedly due to a flaw that causes incorrect core processing when a process with its core file size limit set to 0 by setrlimit() aborts.

Impact:   A local user can cause denial of service conditions and may be able to execute arbitrary code on the server with root level privileges.
Solution:   The vendor has released patches for the various HP/UX releases:

11.11 PHKL_23423,
11.04 PHKL_23886,
11.00 PHKL_23628,
10.20 700 PHKL_22701,
10.20 800 PHKL_22702,
10.24 700 PHKL_24249,
10.24 800 PHKL_24250,
10.10 700 PHKL_23477,
10.10 800 PHKL_23478,
10.01 700 PHKL_23512,
10.01 800 PHKL_23513.

The patch causes the kernel to disallow corefiles and debugger attachments for processes that have setuid/setgid privileges.

Vendor URL:  www.hp.com/ (Links to External Site)
Cause:   Exception handling error
Underlying OS:  UNIX (HP/UX)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(HP Issues Fix for Additional OS Versions) HP/UX setrlimit Resource Limiting Utility Lets Local Users Cause Denial of Service Conditions and Possibly Execute Arbitrary Code on the Server with Root Level Privileges
The vendor has released a fix for HP/UX 10.26. In the previous Alert (see Message History), patches were released for other versions.
(HP Issues Fix for HP-UX 11.11) HP/UX setrlimit Resource Limiting Utility Lets Local Users Cause Denial of Service Conditions and Possibly Execute Arbitrary Code on the Server with Root Level Privileges
The vendor has released a fix for HP/UX 11.11.



 Source Message Contents

Subject:  security bulletins digest




Document ID:  HPSBUX0107-156_
Date Loaded:  20010701
      Title:  Sec. Vulnerability in setrlimit(1M)

-------------------------------------------------------------------------
    HEWLETT-PACKARD COMPANY SECURITY BULLETIN: #0156, 2 July '01
-------------------------------------------------------------------------

The information in the following Security Bulletin should be acted upon
as soon as possible.  Hewlett-Packard Company will not be liable for any
consequences to any customer resulting from customer's failure to fully
implement instructions in this Security Bulletin as soon as possible.

-------------------------------------------------------------------------
PROBLEM:  The setrlimit() allows incorrect core files

PLATFORM: HP9000 Series 700/800 running HP-UX releases 10.01, 10.10,
          10.20, 10.24, 11.04, and 11.00 only.

DAMAGE:   Possible denial of service

SOLUTION: Install the appropriate patch for the HP-UX release:
             11.11                          PHKL_23423,
             11.04                          PHKL_23886,
             11.00                          PHKL_23628,
             10.20 700                      PHKL_22701,
             10.20 800                      PHKL_22702,
             10.24 700                      PHKL_24249,
             10.24 800                      PHKL_24250,
             10.10 700                      PHKL_23477,
             10.10 800                      PHKL_23478,
             10.01 700                      PHKL_23512,
             10.01 800                      PHKL_23513.

AVAILABILITY:  The patches are available now.
-------------------------------------------------------------------------
   A. Background
      Hewlett-Packard has discovered that a process that at one time was
      setuid/setgid could create corefiles or be attached to with a
      debugger.  If the process core file's size limit has been set to 0
      in setrlimit(), when the process aborts, the core processing is
      incorrect.

   B. Recommended solution
      After applying this patch, the kernel now remembers that the
      process was at one time setuid/setgid, and disallow corefiles
      and debugger attachment.  If the process core file size limit
      has been set to zero, it obeys.

      Application of the appropriate patch selected from the list below
      completely solves this problem.

      For HP-UX release:
             11.11                          PHKL_23423,
             11.04                          PHKL_23886,
             11.00                          PHKL_23628,
             10.20 700                      PHKL_22701,
             10.20 800                      PHKL_22702,
             10.24 700                      PHKL_24249,
             10.24 800                      PHKL_24250,
             10.10 700                      PHKL_23477,
             10.10 800                      PHKL_23478,
             10.01 700                      PHKL_23512,
             10.01 800                      PHKL_23513.

      Note: Many of these patches have dependencies.  A reboot will
            be required.

   C. To subscribe to automatically receive future NEW HP Security
      Bulletins from the HP IT Resource Center via electronic mail,
      do the following:

      Use your browser to get to the HP IT Resource Center page
      at:

       http://itrc.hp.com

      Under the Maintenance and Support Menu (Electronic Support
      Center):  click on the "more..." link.  Then -

      Use the 'Login' tab at the left side of the screen to login
      using your ID and password.  Check with your system
      administrator to see if you have an existing login or use
      the "Register" button at the left to create a login.  You
      will need to login in order to gain access to many areas of
      the ITRC. Remember to save the User ID assigned to you, and
      your password.

      Under the Maintenance and Support Menu, click on the "more..."
      link.  Under the "Notifications" section (near the bottom of
      the page), select "Support Information Digests".

      To -subscribe- to future HP Security Bulletins or other
      Technical Digests, click the check box (in the left column)
      for the appropriate digest and then click the "Update
      Subscriptions" button at the bottom of the page.

      or

      To -review- bulletins already released, select the link
      (in the middle column) for the appropriate digest.

      To -gain access- to the Security Patch Matrix, select
      the link for "hp security bulletins archive" near the bottom.
      Once in the archive the top link is to our current Security
      Patch Matrix.  Updated daily, this matrix categorizes security
      patches by platform/OS release, and by bulletin topic.

      The security patch matrix is also available via anonymous ftp:

      ftp.itrc.hp.com
      ~ftp/export/patches/hp-ux_patch_matrix"

      On the "Support Information Digest Main" page:
      click on the "HP Security Bulletin Archive".

   D. To report new security vulnerabilities, send email to

      security-alert@hp.com

      Please encrypt any exploit information using the security-alert
      PGP key, available from your local key server, or by sending a
      message with a -subject- (not body) of 'get key' (no quotes) to
      security-alert@hp.com.

      Permission is granted for copying and circulating this Bulletin
      to Hewlett-Packard (HP) customers (or the Internet community)
      for the purpose of alerting them to problems, if and only if,
      the Bulletin is not edited or changed in any way, is attributed
      to HP, and provided such reproduction and/or distribution is
      performed for non-commercial purposes.

      Any other use of this information is prohibited. HP is not
      liable for any misuse of this information by any third party.
________________________________________________________________________
-----End of Document ID:  HPSBUX0107-156_-------------------------------------

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC