HP-UX Wall消息本地缓冲区溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1107187 漏洞类型 缓冲区溢出
发布时间 2003-02-07 更新时间 2009-03-04
CVE编号 CVE-2003-1375 CNNVD-ID CNNVD-200312-288
漏洞平台 HP-UX CVSS评分 7.2
|漏洞来源
https://www.exploit-db.com/exploits/22231
https://cxsecurity.com/issue/WLB-2007100085
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-288
|漏洞详情
HP-UX是惠普公司开发和维护的商业性质UNIX操作系统。HP-UX包含的wall对超多的数据广播存在问题,本地攻击者可以利用这个漏洞进行缓冲区溢出攻击,可能以tty权限在系统上执行任意指令。Wall在HP-UX上如下方法工作:echo"SomethingtoSay">filewallfile当我们把9000个A放到文件里让wall广播时就会发生段错误,精心构建要广播的数据可能以tty权限在系统上执行任意指令。
|漏洞EXP
source: http://www.securityfocus.com/bid/6800/info

It has been reported that the HPUX wall executable may be prone to a buffer overflow condition. This buffer overflow is alleged to be triggered when an excessive amount of data is redirected into wall as a message intended to be broadcast.

It may be possible for remote attackers to corrupt sensitive regions of memory with attacker-supplied values, possibly resulting in execution of arbitrary code.

perl -e 'print "A" x 9000' > /tmp/out
/usr/sbin/wall /tmp/out
|参考资料

来源:BID
名称:6800
链接:http://www.securityfocus.com/bid/6800
来源:XF
名称:hp-wall-bo(11272)
链接:http://xforce.iss.net/xforce/xfdb/11272
来源:BUGTRAQ
名称:20030207HPUXWallBufferOverflow
链接:http://www.securityfocus.com/archive/1/310908
来源:HP
名称:HPSBUX0305-258
链接:http://www.securityfocus.com/advisories/5369
来源:OVAL
名称:oval:org.mitre.oval:def:5439
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5439
来源:SREASON
名称:3264
链接:http://securityreason.com/securityalert/3264
来源:NSFOCUS
名称:4348
链接:http://www.nsfocus.net/vulndb/4348