HP TCP/IP Services for OpenVMS Finger Client Format String Vulnerability
BID:30948
Info
| Bugtraq ID: | 30948 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-3940 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 10 2008 12:00AM |
| Updated: | May 07 2015 05:24PM |
| Credit: | Claes Nyberg, Christer Oberg, James Tusini |
| Vulnerable: | HP TCP/IP Services for OpenVMS 5.3, HP TCP/IP Services for OpenVMS 5.6, HP TCP/IP Services for OpenVMS 5.5, HP TCP/IP Services for OpenVMS 5.4 |
| Not Vulnerable: | |
Discussion
The HP OpenVMS finger client is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.
This issue affects HP TCP/IP Services for OpenVMS 5.x.
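As an added illustration (not code from the advisory, HP, or the reporters), the C sketch below shows the hardened form of the pattern the discussion describes, plus a check that counts printf conversion directives in untrusted text. The function names and the sample reply are assumptions, as is treating a remote finger server's reply as the untrusted input; the advisory does not say which input reaches the format argument.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (comment only): printf(reply);  untrusted text is the format.
 * Hardened: constant format, untrusted text passed as an argument. */
int render_reply(char *out, size_t outsz, const char *reply)
{
    return snprintf(out, outsz, "%s", reply);
}

/* Count printf-style conversion directives in untrusted text. "%%" is a
 * literal percent and is not counted; *has_n is set if %n is present. */
int count_directives(const char *s, int *has_n)
{
    int count = 0;
    *has_n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        s++;
        if (*s == '%')
            continue;                      /* literal percent */
        s += strspn(s, "-+ #0");           /* flags */
        s += strspn(s, "0123456789*$");    /* width or positional index */
        if (*s == '.')
            s += 1 + strspn(s + 1, "0123456789*$");  /* precision */
        s += strspn(s, "hlLqjzt");         /* length modifiers */
        if (*s == '\0')
            break;                         /* truncated directive */
        if (strchr("diouxXeEfFgGaAcspn", *s)) {
            count++;
            if (*s == 'n')
                *has_n = 1;
        }
    }
    return count;
}

int main(void)
{
    const char *reply = "Login: guest %x %n";  /* constructed sample, not from the page */
    char line[128];
    int has_n;
    int n = count_directives(reply, &has_n);
    render_reply(line, sizeof line, reply);
    printf("%s\n", line);                  /* shown verbatim, nothing interpreted */
    printf("directives=%d has_n=%d\n", n, has_n);
    return 0;
}
```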
Exploit / POC
The reporter created and presented a working exploit for this issue. The exploit code does not seem to be publicly available.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Hacking OpenVMS (Claes Nyberg, Christer Oberg, James Tusini)
- TCP/IP Services for OpenVMS Documentation (HP)