HP-UX vulnerabilities could allow denial of service

A pair of vulnerabilities in HP-UX could allow remote denial-of-service attacks, local privilege escalation and local denial of service.

Hewlett-Packard Co. is recommending that users patch HP-UX to fix a pair of vulnerabilities that could allow remote denial-of-service attacks, local privilege escalation and local denial of service.

The first vulnerability involves the calloc function, which is used to allocate memory for buffers. A known problem with the function can result in an integer overflow when the buffer size is calculated, which could produce a buffer too small for what the application requires. During execution, the too-small buffer may lead to a buffer overflow. This can crash the application, causing a denial of service. In this particular case, the buffer is open to remote access.

This vulnerability occurs in HP-UX version 11.x -- specifically on HP9000 servers running versions B.11.00, B.11.04 and B.11.11. This same calloc problem has affected many other libraries and applications, including GNU libc 2.2.5, GNU C++ Compiler, GNU Ada Compiler and Microsoft Visual C++.
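The calloc integer overflow described above, shown as an added example that is not HP's code or patch: calloc derives its byte count from nmemb * size, and the block compares an unchecked product with a checked one. The function names (`unchecked_bytes`, `checked_bytes`, `checked_calloc`) and the input values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked size computation: the product wraps modulo SIZE_MAX + 1. */
static size_t unchecked_bytes(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Checked size computation: returns 1 and stores the product in *out,
 * or returns 0 if nmemb * size does not fit in size_t. */
static int checked_bytes(size_t nmemb, size_t size, size_t *out)
{
    if (size != 0 && nmemb > SIZE_MAX / size)
        return 0;
    *out = nmemb * size;
    return 1;
}

/* Hypothetical wrapper: zeroed array allocation that fails on overflow. */
static void *checked_calloc(size_t nmemb, size_t size)
{
    size_t bytes;
    if (!checked_bytes(nmemb, size, &bytes))
        return NULL;              /* refuse rather than under-allocate */
    void *p = malloc(bytes ? bytes : 1);
    if (p != NULL)
        memset(p, 0, bytes);
    return p;
}

int main(void)
{
    /* Constructed input: element count chosen so count * 16 wraps to 16. */
    size_t count = SIZE_MAX / 16 + 2;
    size_t elem = 16;
    size_t bytes;

    printf("requested elements: %zu of %zu bytes\n", count, elem);
    printf("unchecked byte count: %zu\n", unchecked_bytes(count, elem));
    printf("checked computation ok: %d\n", checked_bytes(count, elem, &bytes));
    printf("checked_calloc returned %s\n",
           checked_calloc(count, elem) ? "a buffer" : "NULL");
    return 0;
}
```

An allocator that trusts the unchecked product hands back 16 bytes for a request the caller believes holds far more elements, which is the too-small buffer the article describes; the checked version fails the allocation instead.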

A less-critical vulnerability could allow a local user to gain unauthorized privileges or cause a denial of service. The HP-UX SharedX function accesses files in an insecure manner, HP says. This vulnerability occurs in HP-UX versions B.11.00, B.11.11 and B.11.22.

The patch can be downloaded from HP's Web site.
