News Stay informed about the latest enterprise technology news and product updates.

Updates necessary to fix multiple HP-UX vulnerabilities

Hewlett-Packard has announced six vulnerabilities in its HP-UX operating system. Users of vulnerable systems need to install updates to protect against them.

Hewlett-Packard has released advisories on six vulnerable components of the HP-UX operating system that can allow...

remote unauthorized access, remote access to privileged data, remote unauthorized information disclosure, local escalation of privileges and denial of service.

One is the Mozilla Web browser, which suffers from a violation of the "same origin policy." This means that it's possible, for example, for one Web site to remotely access the contents of another Web site without authorization.

Another vulnerable component is rpc.mountd. Remote attackers can craft input to rpc.mountd and use its error messages to find out if a file exists on the machine. This allows the attacker to access data that only users with higher privileges should have and offers the potential for unauthorized disclosure of information.

A buffer overflow in /usr/lbin/rwrite can allow local users to cause a core dump or to escalate privileges.

A similar buffer-overflow vulnerability in CDE libDtHelp can be manipulated to escalate privileges or cause a denial of service.

Finally, both uucp and uusub suffer from buffer overflows that can allow local attackers to escalate privileges.

The vulnerable components are present in HP-UX version 11.x running on the HP9000 Series 700/800. Updates are available.

Dig Deeper on Microsoft Patch Tuesday and patch management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.