Updates necessary to fix multiple HP-UX vulnerabilities

Edmund X. DeJesus, Contributor

Hewlett-Packard has released advisories on six vulnerable components of the HP-UX operating system that can allow remote unauthorized access, remote access to privileged data, remote unauthorized information disclosure, local escalation of privileges and denial of service.

One is the Mozilla Web browser, which suffers from a violation of the "same origin policy." This means that it's possible, for example, for one Web site to remotely access the contents of another Web site without authorization.

Another vulnerable component is rpc.mountd. Remote attackers can craft input to rpc.mountd and use its error messages to find out if a file exists on the machine. This allows the attacker to access data that only users with higher privileges should have and offers the potential for unauthorized disclosure of information.

A buffer overflow in /usr/lbin/rwrite can allow local users to cause a core dump or to escalate privileges.

A similar buffer-overflow vulnerability in CDE libDtHelp can be manipulated to escalate privileges or cause a denial of service.

Finally, both uucp and uusub suffer from buffer overflows that can allow local attackers to escalate privileges.

The vulnerable components are present in HP-UX version 11.x running on the HP9000 Series 700/800. Updates are available.

