HP-UX bdf/df Buffer Overflow Vulnerabilities
BID:1520
Info
HP-UX bdf/df Buffer Overflow Vulnerabilities
| Bugtraq ID: | 1520 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2000-0801 |
| Remote: | No |
| Local: | Yes |
| Published: | Jul 31 2000 12:00AM |
| Updated: | Jul 11 2009 02:56AM |
| Credit: | This vulnerability was first reported to Bugtraq on Thursday July 27, 2000 by Kyong-won Cho <[email protected]> |
| Vulnerable: |
HP HP-UX 11.0 HP HP-UX 10.20 |
| Not Vulnerable: | |
Discussion
HP-UX bdf/df Buffer Overflow Vulnerabilities
There is a buffer overflow in the setuid utility /usr/bin/bdf that causes the program to exit with a memory fault when an argument to the -t option is supplied with more than 2415 characters (this number may vary - it has been demonstrated that 2599 characters are needed on an HP-UX 10.20 installation). It is not clear from the information that we have whether or not this is exploitable. It has been reported that the df(1M) program exhibits similar behaviour as well.
There is a buffer overflow in the setuid utility /usr/bin/bdf that causes the program to exit with a memory fault when an argument to the -t option is supplied with more than 2415 characters (this number may vary - it has been demonstrated that 2599 characters are needed on an HP-UX 10.20 installation). It is not clear from the information that we have whether or not this is exploitable. It has been reported that the df(1M) program exhibits similar behaviour as well.
References
HP-UX bdf/df Buffer Overflow Vulnerabilities
References:
References: