2781 : HP-UX Software Distributor Privilege Escalation
Printer | http://osvdb.org/2781 | Email This | Edit Vulnerability

Views This Week

Views All Time

Info

Last Modified

11 months ago

Percent Complete

65%

Disclosure

Nov 06, 2003

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

HP-UX Versions B.11.00 and B.11.11 contain a flaw that may allow a malicious local user to escalate their privledges. The vulnerability is casued due to boundary errors in some suid "root" SD (Software Distributor) utilities when handling the "LANG" environment variable. These can be exploited to cause buffer overflows by setting an overly long, specially crafted string.

Classification

Unknown or Incomplete

Technical

The vulnerability affects HP9000 servers running HP-UX releases B.11.00 and B.11.11.

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, HP has released a patch to address this vulnerability.

Products

Hewlett-Packard Development Company, L.P.	HP-UX	B.11.00
		B.11.11

References

Secunia Advisory ID: 10158
CVE ID: 2003-0089 (see also: NVD)
Vendor Specific Solution URL: http://itrc.hp.com
Generic Informational URL: http://www.nsfocus.com/english/homepage/research/0307.htm
Vendor Specific Advisory URL: http://www5.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0311-293

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Technical

Solution

Products

Hewlett-Packard Development Company, L.P.

HP-UX

References

Credit

Blogs

Comments