Hewlett-Packard Co. is recommending that users patch HP-UX to fix a pair of vulnerabilities that could allow remote denial-of-service attacks, local privilege escalation and local denial of service.
The first vulnerability involves the calloc function, which allocates memory for buffers by multiplying an element count by an element size. A known problem with the function is that this multiplication can result in an integer overflow, which could produce a buffer too small for what the application requires. During execution, writes to the too-small buffer may lead to a buffer overflow. This can crash the application, causing a denial of service. In this particular case, the buffer is open to remote access.
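The calloc failure described above, shown as an added C example that is not HP's code and not part of the original article. The function names (`unchecked_request_bytes`, `mul_overflows`, `checked_calloc`) are hypothetical, and the element count is constructed so that the product wraps around.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes that a calloc which multiplies without checking would request.
   size_t arithmetic is modulo SIZE_MAX + 1, so the product can wrap. */
size_t unchecked_request_bytes(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Returns 1 if nmemb * size cannot be represented in size_t, else 0. */
int mul_overflows(size_t nmemb, size_t size)
{
    return nmemb != 0 && size > SIZE_MAX / nmemb;
}

/* Hypothetical hardened wrapper: refuse the request instead of
   handing back a buffer smaller than the caller asked for. */
void *checked_calloc(size_t nmemb, size_t size)
{
    void *p;
    if (mul_overflows(nmemb, size)) {
        errno = ENOMEM;
        return NULL;
    }
    p = malloc(nmemb * size);
    if (p != NULL)
        memset(p, 0, nmemb * size);
    return p;
}

int main(void)
{
    /* Constructed input: a count chosen so that count * 4 wraps to 4. */
    size_t count = SIZE_MAX / 4 + 2;
    void *p;

    printf("caller wants %zu elements of 4 bytes each\n", count);
    printf("unchecked multiply requests %zu bytes\n",
           unchecked_request_bytes(count, 4));
    p = checked_calloc(count, 4);
    printf("checked_calloc returns %s\n", p ? "a buffer" : "NULL");
    free(p);
    return 0;
}
```

With the unchecked multiply, the allocator is asked for 4 bytes while the caller believes it holds room for the full element count, which is the too-small buffer the advisory describes.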
This vulnerability occurs in HP-UX version 11.x -- specifically on HP9000 servers running versions B.11.00, B.11.04 and B.11.11. This same calloc problem has affected many other libraries and applications, including GNU libc 2.2.5, GNU C++ Compiler, GNU Ada Compiler and Microsoft Visual C++.
A less-critical vulnerability could allow a local user to gain unauthorized privileges or cause a denial of service. The HP-UX SharedX function accesses files in an insecure manner, HP says. This vulnerability occurs in HP-UX versions B.11.00, B.11.11 and B.11.22.
The patch can be downloaded from HP's Web site.