HP-UX Wall消息本地缓冲区溢出漏洞

https://www.exploit-db.com/exploits/22231
https://cxsecurity.com/issue/WLB-2007100085
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-288

HP-UX是惠普公司开发和维护的商业性质UNIX操作系统。HP-UX包含的wall对超多的数据广播存在问题，本地攻击者可以利用这个漏洞进行缓冲区溢出攻击，可能以tty权限在系统上执行任意指令。Wall在HP-UX上如下方法工作：echo"SomethingtoSay">filewallfile当我们把9000个A放到文件里让wall广播时就会发生段错误，精心构建要广播的数据可能以tty权限在系统上执行任意指令。

source: http://www.securityfocus.com/bid/6800/info

It has been reported that the HPUX wall executable may be prone to a buffer overflow condition. This buffer overflow is alleged to be triggered when an excessive amount of data is redirected into wall as a message intended to be broadcast.

It may be possible for remote attackers to corrupt sensitive regions of memory with attacker-supplied values, possibly resulting in execution of arbitrary code.

perl -e 'print "A" x 9000' > /tmp/out
/usr/sbin/wall /tmp/out

来源:BID
名称:6800
链接:http://www.securityfocus.com/bid/6800
来源:XF
名称:hp-wall-bo(11272)
链接:http://xforce.iss.net/xforce/xfdb/11272
来源:BUGTRAQ
名称:20030207HPUXWallBufferOverflow
链接:http://www.securityfocus.com/archive/1/310908
来源:HP
名称:HPSBUX0305-258
链接:http://www.securityfocus.com/advisories/5369
来源:OVAL
名称:oval:org.mitre.oval:def:5439
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5439
来源:SREASON
名称:3264
链接:http://securityreason.com/securityalert/3264
来源：NSFOCUS
名称：4348
链接：http://www.nsfocus.net/vulndb/4348