HP-UX kermit Buffer Overflow Vulnerability
BID:2170
Info
HP-UX kermit Buffer Overflow Vulnerability
| Bugtraq ID: | 2170 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 03 2001 12:00AM |
| Updated: | Jan 03 2001 12:00AM |
| Credit: | This vulnerability was announced by HP in Security Bulletin #135 released on December 21, 2000. |
| Vulnerable: |
HP HP-UX 11.0 HP HP-UX 10.20 HP HP-UX 10.10 HP HP-UX 10.1 0 |
| Not Vulnerable: | |
Discussion
HP-UX kermit Buffer Overflow Vulnerability
Kermit is a communications software package available with most implementations of the UNIX Operating System. A problem exists in the kermit software package distributed with HP-UX.
The problem is the result of a buffer overflow in kermit. It is possible to overwrite stack variables and potentially the return address. This problem could allow a user with malicious intent to arbitrarily execute code, and gain elevated privileges with the potential for administrative access.
Kermit is a communications software package available with most implementations of the UNIX Operating System. A problem exists in the kermit software package distributed with HP-UX.
The problem is the result of a buffer overflow in kermit. It is possible to overwrite stack variables and potentially the return address. This problem could allow a user with malicious intent to arbitrarily execute code, and gain elevated privileges with the potential for administrative access.
Exploit / POC
HP-UX kermit Buffer Overflow Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
HP-UX kermit Buffer Overflow Vulnerability
Solution:
Patches available:
HP HP-UX 10.1 0
HP HP-UX 10.10
HP HP-UX 10.20
HP HP-UX 11.0
Solution:
Patches available:
HP HP-UX 10.1 0
-
HP 10.1 PHCO_22813
http://itrc.hp.com
HP HP-UX 10.10
-
HP PHCO_22812
http://itrc.hp.com
HP HP-UX 10.20
-
HP 10.20 PHCO_22674
http://itrc.hp.com
HP HP-UX 11.0
-
HP 11.0 PHCO_22665
http://itrc.hp.com