HPUX ftpd User Inputted Format String Stack Overwrite Vulnerability
BID:1560
Info
HPUX ftpd User Inputted Format String Stack Overwrite Vulnerability
| Bugtraq ID: | 1560 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 06 2000 12:00AM |
| Updated: | Aug 06 2000 12:00AM |
| Credit: | This vulnerability was posted to the Bugtraq mailing list by Przemyslaw Frasunek <[email protected]> |
| Vulnerable: |
HP HP-UX 11.0 HP HP-UX 10.20 |
| Not Vulnerable: | |
Discussion
HPUX ftpd User Inputted Format String Stack Overwrite Vulnerability
A vulnerability exists in the handling of user inputted data in the ftp daemon included by Hewlett-Packard as part of its HPUX operating system. By passing format strings as the argument to the PASS ftp command, it is possible to overwrite values on the stack. Additionally, by passing the proper arguments, it is possible to conduct an attack similar to a traditional buffer overflow.
A vulnerability exists in the handling of user inputted data in the ftp daemon included by Hewlett-Packard as part of its HPUX operating system. By passing format strings as the argument to the PASS ftp command, it is possible to overwrite values on the stack. Additionally, by passing the proper arguments, it is possible to conduct an attack similar to a traditional buffer overflow.
Exploit / POC
HPUX ftpd User Inputted Format String Stack Overwrite Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
HPUX ftpd User Inputted Format String Stack Overwrite Vulnerability
Solution:
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
HPUX ftpd User Inputted Format String Stack Overwrite Vulnerability
References:
References:
- HP Support (Hewlett Packard)