HP-UX FTP Server Debug Logging Mode Buffer Overflow Vulnerability

It has been reported that the FTP server included with HP-UX is vulnerable to a remotely exploitable pre-authentication buffer overflow if configured to log debug output. This is not a default configuration. An administrator would have had to configure inetd at some point to invoke the ftpd server process with the "-v" parameter. Remote attackers can exploit this vulnerability to gain root privileges on the affected host.
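
To check whether a host is in the affected configuration, the following added example (not part of the original advisory) scans an inetd configuration file for ftpd entries started with "-v". It assumes the usual seven-field inetd.conf layout followed by the server arguments, and that single-letter flags may be clustered; the sample entries and their paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag inetd entries that start ftpd with debug logging (-v).

# Print "line-number: entry" for every active ftpd entry whose arguments
# include -v. Returns 0 if at least one entry matches, 1 if none do.
ftpd_debug_entries() {
    conf=${1:-/etc/inetd.conf}
    awk '
        $1 ~ /^#/ || NF < 7 { next }      # skip comments and incomplete lines
        $1 == "ftp" || $6 ~ /(^|\/)ftpd$/ {
            # Field 7 is argv[0]; the real arguments start at field 8.
            for (i = 8; i <= NF; i++) {
                # Assumption: flags may be clustered, e.g. -lv as well as -v.
                if ($i ~ /^-[A-Za-z]*v/) {
                    print NR ": " $0
                    found = 1
                    break
                }
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$conf"
}

# Constructed sample configuration (not taken from a real host).
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample entries
telnet stream tcp nowait root /usr/lbin/telnetd telnetd
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -v
#ftp stream tcp nowait root /usr/lbin/ftpd ftpd -v
EOF
}
```

Run `ftpd_debug_entries /etc/inetd.conf` on the host; any line it prints is an ftpd entry with debug logging enabled, and inetd must re-read its configuration after the "-v" is removed.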


 

Copyright 2010, SecurityFocus