> Product Name : dtmail
> Product Version : 5.1b
> Vendor Name : Hewlett Packard
> Criticality : Local Root Compromise
> Effort : Easy
> Operating System : Tru64
> Type : Unchecked Buffer

Hello,

I've just installed the vulnerable package in my test-bed:

# uname -a
OSF1 alpha V5.1 2650 alpha
# pwd
/mnt/ALPHA/BASE
# setld -l . OSFCDEMAIL540
# ls -l /usr/dt/bin/dtmail
-r-xr-sr-x 1 bin mail 1212752 Oct 17 2002 /usr/dt/bin/dtmail
#

How is this a local root? (binary is setgid "mail" but not setuid "root")

-- 
Saludos,
-Roman

PGP Fingerprint: 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742
[Key ID: 0xEAD56742. Available at KeyServ]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
