HP OpenVMS 'SMGSHR.EXE' Local Buffer Overflow Vulnerability

Bugtraq ID:	30840
Class:	Boundary Condition Error
CVE:	CVE-2008-3540
Remote:	No
Local:	Yes
Published:	Aug 20 2008 12:00AM
Updated:	Sep 25 2008 09:19PM
Credit:	The vendor disclosed this issue.
Vulnerable:	HP OpenVMS 7.3 -2 Alpha HP OpenVMS 8.3.Alpha HP OpenVMS 8.3 Integrity HP OpenVMS 8.3 -1H1 Integrity HP OpenVMS 8.2.Alpha HP OpenVMS 8.2-1 Integrity HP OpenVMS 7.3 VAX HP OpenVMS 6.2 VAX
Not Vulnerable:

HP OpenVMS 'SMGSHR.EXE' Local Buffer Overflow Vulnerability

HP OpenVMS is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service.

HP OpenVMS 'SMGSHR.EXE' Local Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

HP OpenVMS 'SMGSHR.EXE' Local Buffer Overflow Vulnerability

Solution:
Vendor fixes are available. Please contact the vendor for details.

HP OpenVMS 'SMGSHR.EXE' Local Buffer Overflow Vulnerability

References:

• OpenVMS Home Page (HP)
  
• VMS821I_SMGRTL-V0100, ECO Kit Release (OpenVMS)