Updates necessary to fix multiple HP-UX vulnerabilities

Hewlett-Packard has announced six vulnerabilities in its HP-UX operating system. Users of vulnerable systems need to install updates to protect against them.

Hewlett-Packard has released advisories on six vulnerable components of the HP-UX operating system that can allow remote unauthorized access, remote access to privileged data, remote unauthorized information disclosure, local escalation of privileges and denial of service.

One is the Mozilla Web browser, which suffers from a violation of the "same origin policy." This means that it's possible, for example, for one Web site to remotely access the contents of another Web site without authorization.

Another vulnerable component is rpc.mountd. Remote attackers can craft input to rpc.mountd and use its error messages to find out if a file exists on the machine. This allows the attacker to access data that only users with higher privileges should have and offers the potential for unauthorized disclosure of information.

A buffer overflow in /usr/lbin/rwrite can allow local users to cause a core dump or to escalate privileges.

A similar buffer-overflow vulnerability in CDE libDtHelp can be manipulated to escalate privileges or cause a denial of service.

Finally, both uucp and uusub suffer from buffer overflows that can allow local attackers to escalate privileges.

The vulnerable components are present in HP-UX version 11.x running on the HP9000 Series 700/800. Updates are available.

This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close