


Category:   OS (UNIX)  >   ps
Vendors:   HPE
HP Tru64 UNIX ps Command Discloses Environment Variables to Local Users
SecurityTracker Alert ID:  1017592
CVE Reference:   CVE-2007-0805
Updated:  May 19 2008
Original Entry Date:  Feb 6 2007
Impact:   Disclosure of system information
Exploit Included:  Yes  
Version(s): HP OSF1 v5.1 1885 Alpha
Description:   A vulnerability was reported in the 'ps' utility on HP Tru64. A local user can view environment variable values.

A local user can invoke the '/usr/ucb/ps' command to view the values of environment variables of all processes on the target system.

The vendor has been notified.

A demonstration exploit is available at:

Andrea "bunker" Purificato reported this vulnerability.

Impact:   A local user can view the values of environment variables of all processes on the target system.
Solution:   No solution was available at the time of this entry.
Cause:   Access control error

Message History:   None.

 Source Message Contents

Subject:  PS Information Leak on HP True64 Alpha OSF1 v5.1 1885

[After months of silence from the "HP Software Security Response Team"]

-Type: Information leak
-Risk: low
-Author: Andrea "bunker" Purificato

-Description: the "ps" command (also /usr/ucb/ps) on HP OSF1 v5.1 Alpha,
developed without an eye to security, allows unprivileged users to see
the values of all processes' environment variables.

It's something similar to "raptor_ucbps" (by Marco Ivaldi) for Solaris.

I've tested it only on OSF1 v5.1 1885.
If you remove the suid bit from the executable, "ps" doesn't work correctly.


Andrea "bunker" Purificato

