Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: HP/UX :: sb5977.htm

Wall Buffer Overflow
7th Feb 2003 [SBWID-5977]

	Wall Buffer Overflow


	Tested on HPUX 11.00,11.11


	eip,c0w of uk2sec [] says :
	bash-2.04$ ls -las /usr/sbin/wall  
	  40 -r-xr-sr-x   1 bin        tty          20480 Nov  7  1997 
	Wall on HPUX works in the following way:
	echo "Something to Say" > file
	wall file
	The problem arises when we place 9000 A's into the file to be  broadcast
	by the wall program.
	 Example :
	perl -e 'print "A" x 9000' > /tmp/out
	/usr/sbin/wall /tmp/out
	Memory fault
	The wall binary has Set Group ID of tty, so  not  a  huge  problem,  but
	even so - still a security risk.



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH