SecurityTracker.com
Category:   OS (UNIX)  >   ps
Vendors:   HPE
HP Tru64 UNIX ps Command Discloses Environment Variables to Local Users
SecurityTracker Alert ID:  1017592
SecurityTracker URL:  http://securitytracker.com/id/1017592
CVE Reference:   CVE-2007-0805
Updated:  May 19 2008
Original Entry Date:  Feb 6 2007
Impact:   Disclosure of system information
Exploit Included:  Yes  
Version(s): HP OSF1 v5.1 1885 Alpha
Description:   A vulnerability was reported in the 'ps' utility on HP Tru64. A local user can view environment variable values.

A local user can invoke the '/usr/ucb/ps' command to view the values of environment variables of all processes on the target system.

The vendor has been notified.

A demonstration exploit is available at:

http://rawlab.mindcreations.com/codes/exp/nix/osf1tru64ps.ksh

Andrea "bunker" Purificato reported this vulnerability.

Impact:   A local user can view the values of environment variables of all processes on the target system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.hp.com/
Cause:   Access control error
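
Since no solution was available at the time of the entry, a practical check is to see which processes carry secret-looking variables in their environment at all. The script below is an added example, not part of the advisory or the reporter's code: it scans ps-style text for variable names that suggest secrets and prints only the PID and the name, never the value. The listing layout, the name patterns and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit ps-style text for environment variables whose NAMES
# look secret-bearing. Values are never echoed, only "<redacted>".
# Assumptions (not from the advisory): the first field of each row is the PID
# and environment entries appear as NAME=value tokens after the command.

# Illustrative name patterns; extend for local naming conventions.
SECRET_NAME_RE='PASS|SECRET|TOKEN|APIKEY|API_KEY|PRIVATE_KEY|CREDENTIAL'

# Reads a process listing on stdin, writes "PID NAME=<redacted>" per finding.
audit_ps_env() {
    awk -v re="$SECRET_NAME_RE" '
        $1 ~ /^[0-9]+$/ {                       # data rows only, skips header
            for (i = 2; i <= NF; i++) {
                eq = index($i, "=")
                if (eq < 2) continue            # not a NAME=value token
                name = substr($i, 1, eq - 1)
                # keep only shell-style variable names (drops --flag=value)
                if (name !~ /^[A-Za-z_][A-Za-z0-9_]*$/) continue
                if (toupper(name) ~ re)
                    printf "%s %s=<redacted>\n", $1, name
            }
        }'
}

# Constructed sample listing (hypothetical processes and values).
sample_listing() {
    cat <<'EOF'
  PID TTY      S           TIME CMD
 1042 pts/1    S        0:00.10 /usr/bin/backup -q DB_PASSWORD=constructed-value HOME=/usr/users/ops TERM=vt100
 1077 pts/2    S        0:00.02 -ksh HOME=/usr/users/alice TERM=xterm
 1101 ??       S        0:01.40 /opt/app/agent API_TOKEN=constructed-token LANG=C
EOF
}

# Demo run on the constructed sample.
sample_listing | audit_ps_env
```

Processes flagged this way are candidates for moving the secret out of the environment, for example into a file readable only by the owning account.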

Message History:   None.


 Source Message Contents

Subject:  PS Information Leak on HP True64 Alpha OSF1 v5.1 1885

[After months of silence from the "HP Software Security Response Team"]


-Type: Information leak
-Risk: low
-Author: Andrea "bunker" Purificato - http://rawlab.mindcreations.com

-Description: the "ps" command (also /usr/ucb/ps) on HP OSF1 v5.1 Alpha,
developed without an eye to security, allows unprivileged users to see
values of all processes' environment variables.

It's something similar to "raptor_ucbps" (by Marco Ivaldi) for Solaris.

I've tested it only on OSF1 v5.1 1885.
If you remove the suid bit from the executable, "ps" doesn't work correctly.

-Code: http://rawlab.mindcreations.com/codes/exp/nix/osf1true64ps.ksh


Bye,
-- 
Andrea "bunker" Purificato
+++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++
++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++.

http://rawlab.mindcreations.com 

 
 


Copyright 2019, SecurityGlobal.net LLC