HP-UX vulnerabilities could allow denial of service

Edmund X. DeJesus, Contributor

Hewlett-Packard Co. is recommending that users patch HP-UX to fix a pair of vulnerabilities that could allow remote denial-of-service attacks, local privilege escalation and local denial of service.

The first vulnerability involves the calloc function, which is used to calculate and allocate memory for buffers. A known problem with the function can result in an integer overflow, which could produce a buffer too small for what the application requires. During execution, the too-small buffer may lead to a buffer overflow. This can crash the application, causing a denial of service. In this particular case, the buffer is open to remote access.

This vulnerability occurs in HP-UX version 11.x -- specifically on HP9000 servers running versions B.11.00, B.11.04 and B.11.11. This same calloc problem has affected many other libraries and applications, including GNU libc 2.2.5, GNU C++ Compiler, GNU Ada Compiler and Microsoft Visual C++.

A less-critical vulnerability could allow a local user to gain unauthorized privileges or cause a denial of service. The HP-UX SharedX function accesses files in an insecure manner, HP says. This vulnerability occurs in HP-UX versions B.11.00, B.11.11 and B.11.22.

The patch can be downloaded from HP's Web site.
