HP-UX cu Buffer Overflow Vulnerability

Bugtraq ID:	1886
Class:	Boundary Condition Error
CVE:	CVE-2000-1028
Remote:	No
Local:	Yes
Published:	Nov 02 2000 12:00AM
Updated:	Jul 11 2009 03:56AM
Credit:	First posted to Bugtraq by zorgon <[email protected]> on Nov 2, 2000.
Vulnerable:	HP HP-UX (VVOS) 11.0.4 HP HP-UX 11.11 HP HP-UX 11.0 HP HP-UX 10.20 HP HP-UX 10.10 HP HP-UX 10.0 1 HP HP-UX 9.10 HP HP-UX 9.9 HP HP-UX 9.8 HP HP-UX 9.7 HP HP-UX 9.6 HP HP-UX 9.5 HP HP-UX 9.4 HP HP-UX 9.1 HP HP-UX 9.0
Not Vulnerable:

HP-UX cu Buffer Overflow Vulnerability

cu is a unix utility that is used for communication between two hosts (usually over phone lines). It is typically isntalled setuid root so that it can access communications hardware when executed by a regular user.

The version of cu that ships with HP-UX is vulnerable to a buffer overflow attack that may result in an escalation of privileges if exploited properly. The argument to the -l option (the line) is handled in an unsafe manner and if the length of it exceeds 9777 bytes, it will corrupt vital stack variables. This may result in shellcode provided by the user being executed with the privileges of the process (euid 0).

HP-UX cu Buffer Overflow Vulnerability

Solution:
HP has released fixes:


HP HP-UX 10.0 1

• HP PHCO_22763
  

HP HP-UX 10.10

• HP PHCO_22765
  

HP HP-UX 10.20

• HP PHCO_22764
  

HP HP-UX 11.0

• HP PHCO_22766
  

HP HP-UX (VVOS) 11.0.4

• HP PHCO_23424
  

HP HP-UX 11.11

• HP PHCO_23909
  

HP-UX cu Buffer Overflow Vulnerability

References:

• HP Support (Hewlett Packard)