Hewlett-Packard has released advisories on six vulnerable components of the HP-UX operating system that can allow remote unauthorized access, remote access to privileged data, remote unauthorized information disclosure, local escalation of privileges and denial of service.
One is the Mozilla Web browser, which suffers from a violation of the "same origin policy." This means that it's possible, for example, for one Web site to remotely access the contents of another Web site without authorization.
Another vulnerable component is rpc.mountd. Remote attackers can craft input to rpc.mountd and use its error messages to find out if a file exists on the machine. This allows the attacker to access data that only users with higher privileges should have and offers the potential for unauthorized disclosure of information.
A buffer overflow in /usr/lbin/rwrite can allow local users to cause a core dump or to escalate privileges.
A similar buffer-overflow vulnerability in CDE libDtHelp can be manipulated to escalate privileges or cause a denial of service.
Finally, both uucp and uusub suffer from buffer overflows that can allow local attackers to escalate privileges.
The vulnerable components are present in HP-UX version 11.x running on the HP9000 Series 700/800. Updates are available.